yep, you are right!
That is because of the new security. All the fields are escaped, so that nobody can inject anything wrong in there.
You can make your own brick if you like, here is how: http://2046.cz/easy/extend
only the esc value should be empty in your case:
'esc' => 'stip_tags' // empty means ''
put the whole code (from link) in your function.php and you should be ready to go.
If you know how to work with WP templates you can hack the control output even further if you like.
This way it will be your fault if someone hack your site and inject something in there, which is unlikely ..anyway.
It won't work.. I'm checking the field if it is not empty, and if it is, it won't process the data.
Let me think.. I should think about the solution first