This is a reminder that as per ticket 12416, 3.0 changes the escaping rules for the option, site option, transient, and site transient functions. Before, they were inconsistent in whether they expected slashed or unslashed data. As of 3.0, they all expect unslashed data. This means $_POST, $_GET, etc. data needs to be stripped before being passed and that data pulled from the DB does not need to be slashed before being passed back to one of these functions. Many (probably most) plugins weren’t properly following the inconsistent rules before so we decided to make it simple and clear and clean up the mess. Note that the slashing is not used for DB security. That is handled by our prepare() function and mysql_real_escape_string(). The slashing rules are back compat holdovers from the bad old days of magic quotes.