The common terminology refers to the point of view of someone looking at the XML in their editor, to whom the cases you describe look encoded either once or twice, rather than not or once. In case of RSS, titles should be assumed to be double-encoded (ie you get a once-decoded string from the XML parser then re-decode once more yourself it to reveal the markup as such). (And because RSS is too loosely specified this will yield incorrigibly wrong results in a sizable number of cases.)

As for cross-site scripting attacks, that’s even further off the original topic than the question of whether to use embedded markup, and anyone interested in such matters such see HOWTO Avoid Being Called a Bozo When Producing XML for a comprehensive treatise of dos and don’ts.

Makeshifts last the longest.