Thanks for waking this issue up - looks promising
If the problem is that we are letting users put unfiltered content on their "my" page, could we give site admins the option to choose between:
a) Users can put what they like on their 'my' page, but loginas logs you out afterwards
b) Loginas works like it used to, but user content gets escaped as it goes out.
Another thought is to restrict loginas from quite doing the right thing for 'my' pages - show escaped content for loginas'd users. In the event that a user's 'my' page needed debugging, you would need a full login as option, but that could suffer the same restriction as we currently have.
A lot of the time when admins are using loginas functionality, they don't need to view the 'my' page at all, or seeing escaped content would be OK. If we can make this scenario as pain-free as possible, then I think that this would be a big win.
I worry that giving admins an easy-to-use switch that says "Make everything seem to work, but silently insecure" is very tempting to turn on. When nothing immediately explodes, the admin will leave it on and forget about it. They'll either deliberately leave it on, or intend to turn it off after this little task.
Eventually many will suffer at the hands of their users, and not know why. Sure, it's their fault, but their perception of Moodle will suffer as a result.