Honestly, as it stands this is a pretty terrible idea. 1. It has a huge potential for introducing BC breaks. - I have some code somewhere which uses output buffering and echo to write cached copies of html pages to disk. This would break that. - Writing out html like structures when running as a cli shouldn't be affected; but it probably would be. - Several systems store html templates in a database and echo them. Possible breaking change here 2. Relying on an ini setting for security is a bad idea: we did that with magic quotes and look how that turned out. 3. Ini setting changes at runtime cannot be relied upon. (Think shared hosting providers who might switch this on(or off) globally and deny changes to it at runtime) 4. Already mentioned but there is more to escaping than just HTML
If you decide to pursue this further try using declare(this_is_a_template=true) at the top of each template file to enable this badhaviour instead of an ini setting. This then applies on a per file basis and side steps numerous issues.
