Anywhere that is using self.middleKitObjectEval() (in lib/SitePage.py) to save to the database is improperly escaping HTML characters *before* they are written to the database. The escape() or quoted_escape() functions should only be used before data is presented in the browser. The data in the database should be left pristine.
To see what's happening create (or edit) a customer that has a '&' in it's description for example. It will store & in the database.