diff --git modules/filter/filter.api.php modules/filter/filter.api.php
index 5e20ed2..c0038ce 100644
--- modules/filter/filter.api.php
+++ modules/filter/filter.api.php
@@ -40,6 +40,10 @@
  *     content before the actual filtering happens.
  *   - 'process callback': The name the function that performs the actual
  *     filtering.
+ * - When a text format is checked to determine if it is configured securely,
+ *   the following properties may be used:
+ *   - 'security callback': The name of a function that determines whether the
+ *     filter allows new exploits or prevents existing ones.
  *
  * Filtering is a two-step process. First, the content is 'prepared' by calling
  * the 'prepare callback' function for every filter. The purpose of the 'prepare
@@ -64,6 +68,14 @@
  * format is an entire filter setup: which filters to enable, in what order
  * and with what settings.
  *
+ * Different filters can introduce or remove security vulnerabilities in the
+ * text formats that contain them, depending on how they are configured.
+ * Filters whose presence in a text format can have implications for security
+ * should therefore use the 'security callback' function to provide information
+ * about whether they are configured securely. The filtering system will
+ * collect this information and use it to automatically determine whether the
+ * text format as a whole is secure.
+ *
  * Filters that require settings should provide the form controls to configure
  * the settings in a form builder function, specified in 'settings callback'.
  * The filter system stores the settings in the database per text format.
@@ -122,6 +134,91 @@
  * - $format: The format object of the text to be filtered.
  * - $long: Boolean whether to return long or short filter guidelines.
  *
+ * 'security callback' is invoked with the following parameters:
+ * - $filter: An object representing the filter within the text format that is
+ *   being checked. The most important property is $filter->settings, which
+ *   contains an array of settings for this filter as it is configured within
+ *   the current text format. The security callback function should inspect
+ *   these settings if they are relevant for determining when the filter is
+ *   configured securely.
+ *
+ *   - If the filter opens up a new exploit in a previously safe text format,
+ *     or
+ *   - If the filter could have specifically prevented an exploit if it had
+ *     been configured in a different way. 
+ *   The callback retuns an array keyed by the two categories in which
+ *   potential vulnerabilities exists, either 'html' or 'exec'. By 
+ *   far the most common category is 'html', which
+ *   represents any vulnerability that occurs when the web browser processes
+ *   the content as HTML (for example, cross-site scripting); this includes
+ *   both HTML itself as well as other languages (such as JavaScript) that can
+ *   be included in HTML. A filter which needs to output a warning message
+ *   about an HTML-related vulnerability would therefore use code like the
+ *   following:
+ *   @code
+ *     return array('html' => array(
+ *       'type' => FILTER_EXPLOT_CREATES,
+ *       'warning' => t('A message explaining the vulnerability.')
+ *     ));
+ *   @endcode
+ *   Although HTML-related exploits are by far the most common category, others
+ *   are possible for certain types of unusual filters. For example, the PHP
+ *   module in Drupal core uses the 'exec' category to indicate that the PHP
+ *   filter which it provides contains an inherent vulnerability since content
+ *   is executed as PHP code on the server; this vulnerability represents a separate risk that is independent
+ *   from any HTML-related vulnerabilities, and can not be undone by a later filter.
+ *   In this case, the relevant code is therefore ('type' is optional since it always FILTER_EXPLOT_CREATES):
+ *   @code
+ *     return array('exec' => array(
+ *       'type' => FILTER_EXPLOT_CREATES,
+ *       'warning' => t('A message explaining the vulnerability.')
+ *     ));
+ *   @endcode
+ *   Similarly, a hypothetical filter that took the content passed in to it and
+ *   executed it as Perl code by running a local program on the web server
+ *   would use the same format for its warning.
+ *
+ * The return value of the 'security callback' function is an optional array
+ * representing the effect of the filter on each category described above. The
+ * constant FILTER_EXPLOIT_PREVENTS should be used if the filter prevents
+ * security exploits by sanitizing previously-unsafe content; for example, a
+ * filter that escapes HTML would return:
+ * @code
+ *   array('html' => FILTER_EXPLOIT_PREVENTS).
+ * @endcode
+ * The constant FILTER_EXPLOIT_ALLOWS should be used if the filter allows a new
+ * security exploit, even if the content passed in to the filter was previously
+ * sanitized. For example, a filter that evaluates PHP code would return:
+ * @code
+ *   array('php' => FILTER_EXPLOIT_ALLOWS). 
+ * @endcode
+ * Similarly, a filter that processes a certain kind of markup language and
+ * therefore transforms safe text, such as "[script]", into unsafe HTML tags,
+ * such as '<script>', would return:
+ * @code
+ *   array('html' => FILTER_EXPLOIT_ALLOWS). 
+ * @endcode
+ * If the security callback function does not include a particular category in
+ * the returned array, this is taken to mean that the filter does not affect 
+ * the security of this type of output one way or the other; unsanitized content 
+ * passed in to the filter remains unsanitized after the filter is applied, and 
+ * sanitized content passed in to the filter similarly remains sanitized.
+ *
+ * @code
+ *   function mymodule_filter_security($filter, &$warnings) {
+ *     if (empty($filter->settings['remove_unsafe_html'])) {
+ *       $warnings['html'][] = t('The "mymodule" filter is configured to allow unsafe HTML. Either select the "remove unsafe HTML" option in the configuration settings for this filter, or add another filter after it that separately removes unsafe HTML.');
+ *     }
+ *     else {
+ *       // The "remove unsafe HTML" configuration option was selected, so this
+ *       // filter prevents HTML exploits.
+ *       return array('html' => FILTER_EXPLOIT_PREVENTS);
+ *     }
+ *   }
+ * @endcode
+ *
+ * @see filter_format_is_secure()
+ *
  * For performance reasons content is only filtered once; the result is stored
  * in the cache table and retrieved from the cache the next time the same piece
  * of content is displayed. If a filter's output is dynamic, it can override the
@@ -145,6 +242,11 @@
  *     of the filtering.
  *   - 'process callback': (required) The callback function to call in the
  *     'process' step of the filtering.
+ *   - 'security callback': A callback function that determines whether the
+ *     filter is configured to allow new security exploits or prevent existing
+ *     ones. Many filters do not need to implement this callback at all; it
+ *     should only be used by filters whose presence in a text format can have
+ *     security implications.
  *   - 'settings callback': A callback function that provides form controls
  *     for the filter's settings. Each filter should apply either the default
  *     settings or the configured settings contained in $filter->settings. The
@@ -166,6 +268,7 @@ function hook_filter_info() {
     'title' => t('Limit allowed HTML tags'),
     'description' => t('Allows you to restrict the HTML tags the user can use. It will also remove harmful content such as JavaScript events, JavaScript URLs and CSS styles from those tags that are not removed.'),
     'process callback' => '_filter_html',
+    'security callback' => '_filter_html_security',
     'settings callback' => '_filter_html_settings',
     'default settings' => array(
       'allowed_html' => '<a> <em> <strong> <cite> <blockquote> <code> <ul> <ol> <li> <dl> <dt> <dd>',
diff --git modules/filter/filter.module modules/filter/filter.module
index eda4a03..6f04f98 100644
--- modules/filter/filter.module
+++ modules/filter/filter.module
@@ -7,6 +7,24 @@
  */
 
 /**
+ * Status which indicates that a filter prevents security exploits.
+ *
+ * This should be used by filters that sanitize previously-unsafe content.
+ */
+define('FILTER_EXPLOIT_PREVENTS', 1);
+
+/**
+ * Status which indicates that a filter creates a new security exploit.
+ *
+ * This should be used by filters that would output unsafe content even if the
+ * content passed in to the filter was previously sanitized, or filters that
+ * result in code execution.
+ */
+define('FILTER_EXPLOIT_CREATES', 2);
+
+define('FILTER_EXPLOIT_ALLOWS', 3);
+
+/**
  * Implement hook_help().
  */
 function filter_help($path, $arg) {
@@ -200,8 +218,14 @@ function filter_format_save(&$format) {
   }
   foreach ($format->filters as $name => $filter) {
     $fields = array();
-    // Add new filters to the bottom.
-    $fields['weight'] = isset($current[$name]->weight) ? $current[$name]->weight : 10;
+    // If a specific weight was requested, use that.
+    if (isset($filter['weight'])) {
+      $fields['weight'] = $filter['weight'];
+    }
+    // Otherwise add new filters to the bottom.
+    else {
+      $fields['weight'] = isset($current[$name]->weight) ? $current[$name]->weight : 10;
+    }
     $fields['status'] = $filter['status'];
     $fields['module'] = $filter_info[$name]['module'];
     $format->filters[$name]['module'] = $filter_info[$name]['module'];
@@ -276,17 +300,20 @@ function filter_permission() {
     'description' => t('Manage text formats and filters, and use any of them, without restriction, when entering or editing content. %warning', array('%warning' => t('Warning: Give to trusted roles only; this permission has security implications.'))),
   );
 
-  // Generate permissions for each text format. Warn the administrator that any
-  // of them are potentially unsafe.
+  // Generate permissions for each text format. Warn the administrator about
+  // text formats that are unsafe.
   foreach (filter_formats() as $format) {
     $permission = filter_permission_name($format);
     if (!empty($permission)) {
-      // Only link to the text format configuration page if the user who is
-      // viewing this will have access to that page.
-      $format_name_replacement = user_access('administer filters') ? l($format->name, 'admin/config/content/formats/' . $format->format) : theme('placeholder', array('text' => $format->name));
+      $replacements = array(
+        // Only link to the text format configuration page if the user who is
+        // viewing this will have access to that page.
+        '!text_format' => user_access('administer filters') ? l($format->name, 'admin/config/content/formats/' . $format->format) : theme('placeholder', array('text' => $format->name)),
+        '%warning' => t('Warning: Give to trusted roles only; this permission has security implications.'),
+      );
       $perms[$permission] = array(
         'title' => t("Use the %text_format text format", array('%text_format' => $format->name)),
-        'description' => t('Use !text_format in forms when entering or editing content. %warning', array('!text_format' => $format_name_replacement, '%warning' => t('Warning: This permission may have security implications depending on how the text format is configured.'))),
+        'description' => filter_format_is_secure($format->format) ? t('Use !text_format in forms when entering or editing content.', $replacements) : t('Use !text_format in forms when entering or editing content. %warning', $replacements),
       );
     }
   }
@@ -544,6 +571,75 @@ function filter_list_format($format_id) {
 }
 
 /**
+ * Determines if a text format is configured securely.
+ *
+ * @param $format_id
+ *   The ID of the format to check.
+ * @return
+ *   If the text format is insecure, an array of categorized warning messages
+ *   explaining the reasons why the text format is insecure. The keys of the
+ *   array will be strings for the two categories in which a security
+ *   vulnerabilities may exists, and the values will be arrays of messages
+ *   describing each vulnerability. For example, consider a text format that
+ *   is insecure in two separate ways:
+ *   - The content that passes through the text format is executed as PHP code.
+ *   - The text format fails to filter the content and remove all unsafe HTML
+ *     tags.
+ *   In that case, the $warnings parameter, if it was passed in, will be
+ *   structured similar to the following when the function returns:
+ *   @code
+ *     array(
+ *       'exec' => array(
+ *         'A message explaining the PHP code execution vulnerability.',
+ *       ),
+ *       'html' => array(
+ *         'A message explaining the vulnerability due to unsafe HTML tags.',
+ *         'Any other messages related to the unsafe HTML tag vulnerability.',
+ *       ),
+ *     ).
+ *   @endcode
+ *   In the case of a text format that is configured securely, the returned
+ *   array will be empty.
+ */
+function filter_format_warnings($format_id) {
+  $warnings = array();
+
+  // All text formats start off as insecure, because unfiltered HTML is by
+  // definition not safe.
+  $format_security_status['html'][] = array('type' => FILTER_EXPLOIT_CREATES, 'warning' => t('No filter has been added to sanitize raw HTML.');
+
+  // Go through each filter and execute its security callback function,
+  // modifying the overall state of the text format as appropriate.
+  $filters = filter_list_format($format_id);
+  $filter_info = filter_get_filters();
+  foreach ($filters as $name => $filter) {
+    if ($filter->status && isset($filter_info[$name]['security callback']) && function_exists($filter_info[$name]['security callback'])) {
+      // Check if the callback function returns any data..
+      $callback_function = $filter_info[$name]['security callback'];
+      $filter_security = $callback_function($filter);
+      if (!empty($filter_security['html'])) {
+        $format_security_status['html'][] = $filter_security['html'];
+      }
+      if (!empty($filter_security['exec']['warning'])) {
+        // Any code execution creates a possible exploit.
+        $warnings[] = $filter_security['exec']['warning'];
+      }
+    }
+  }
+
+  // Start from the last filter and find all warnings until reaching a filter
+  // that sanitizes html.
+  do {
+    $security = array_pop($format_security_status['html']);
+    if (!empty($security['warning'])) {
+      $warnings[] = $security['warning'];
+    }
+  } while (!empty($format_security_status['html']) && $security['type'] != FILTER_EXPLOIT_PREVENTS);
+
+  return $warnings;
+}
+
+/**
  * Run all the enabled filters on a piece of text.
  *
  * Note: Because filters can inject JavaScript or execute PHP code, security is
@@ -786,6 +882,38 @@ function filter_dom_serialize($dom_document) {
 }
 
 /**
+ * Splits a string containing HTML tags into an array of tag names.
+ *
+ * @param $tag_string
+ *   A string containing HTML tags; for example, '<a> <em> <strong>'.
+ * @return
+ *   An array of tag names; for example, array('a', 'em', 'strong').
+ */
+function _filter_split_tags($tag_string) {
+  return preg_split('/\s+|<|>/', $tag_string, -1, PREG_SPLIT_NO_EMPTY);
+}
+
+/**
+ * Returns an array of unsafe HTML tags.
+ *
+ * Tags in this list represent a security risk if untrusted users are allowed
+ * to use them when entering content.
+ *
+ * @return
+ *   An array of unsafe HTML tag names.
+ */
+function filter_html_unsafe_tags() {
+  // @todo: Expand this list and make it complete.
+  return array(
+    'embed',
+    'iframe',
+    'object',
+    'script',
+    'style',
+  );
+}
+
+/**
  * Format a link to the more extensive filter tips.
  *
  * @ingroup themeable
@@ -824,6 +952,7 @@ function filter_filter_info() {
     'title' => t('Limit allowed HTML tags'),
     'description' => t('Allows you to restrict the HTML tags the user can use. It will also remove harmful content such as JavaScript events, JavaScript URLs and CSS styles from those tags that are not removed.'),
     'process callback' => '_filter_html',
+    'security callback' => '_filter_html_security',
     'settings callback' => '_filter_html_settings',
     'default settings' => array(
       'allowed_html' => '<a> <em> <strong> <cite> <blockquote> <code> <ul> <ol> <li> <dl> <dt> <dd>',
@@ -857,6 +986,7 @@ function filter_filter_info() {
     'title' => t('Escape all HTML'),
     'description' => t('Escapes all HTML tags, so they will be visible instead of being effective.'),
     'process callback' => '_filter_html_escape',
+    'security callback' => '_filter_html_escape_security',
     'tips callback' => '_filter_html_escape_tips',
   );
   return $filters;
@@ -893,7 +1023,7 @@ function _filter_html_settings($form, &$form_state, $filter, $defaults) {
  * HTML filter. Provides filtering of input into accepted HTML.
  */
 function _filter_html($text, $filter) {
-  $allowed_tags = preg_split('/\s+|<|>/', $filter->settings['allowed_html'], -1, PREG_SPLIT_NO_EMPTY);
+  $allowed_tags = _filter_split_tags($filter->settings['allowed_html']);
   $text = filter_xss($text, $allowed_tags);
 
   if ($filter->settings['filter_html_nofollow']) {
@@ -909,6 +1039,25 @@ function _filter_html($text, $filter) {
 }
 
 /**
+ * Security callback for the HTML filter.
+ */
+function _filter_html_security($filter) {
+  $allowed_tags = _filter_split_tags($filter->settings['allowed_html']);
+  $allowed_unsafe_tags = array_intersect(filter_html_unsafe_tags(), $allowed_tags);
+  if (empty($allowed_unsafe_tags)) {
+    // If the filter does not allow any unsafe tags, it is properly configured
+    // to prevent HTML exploits.
+    return array('html' => array('type' => FILTER_EXPLOIT_PREVENTS));
+  }
+  else {
+    // Otherwise, generate a useful warning for the case where this filter is
+    // being used in an already insecure text format, to explain how it could
+    // have been made safe.
+    return array('html' => array('type' => FILTER_EXPLOIT_ALLOWS, 'warning' => t('The HTML filter is configured to allow the following unsafe tags: %tags', array('%tags' => implode(', ', $allowed_unsafe_tags)));
+  }
+}
+
+/**
  * Filter tips callback for HTML filter.
  */
 function _filter_html_tips($filter, $format, $long = FALSE) {
@@ -1175,6 +1324,15 @@ function _filter_html_escape($text) {
 }
 
 /**
+ * Security callback for the HTML escaping filter.
+ */
+function _filter_html_escape_security($filter, &$warnings) {
+  // Because this filter escapes all HTML, it prevents any HTML-related
+  // exploits from occurring.
+  return array('html' => FILTER_EXPLOIT_PREVENTS);
+}
+
+/**
  * Filter tips callback for HTML escaping filter.
  */
 function _filter_html_escape_tips($filter, $format, $long = FALSE) {
diff --git modules/filter/filter.test modules/filter/filter.test
index 0d9f8c8..c539fb3 100644
--- modules/filter/filter.test
+++ modules/filter/filter.test
@@ -137,7 +137,40 @@ class FilterCRUDTestCase extends DrupalWebTestCase {
   }
 }
 
-class FilterAdminTestCase extends DrupalWebTestCase {
+class FilterTestCase extends DrupalWebTestCase {
+  /**
+   * Helper method for creating a new text format.
+   *
+   * @param $filters
+   *   An ordered array of filters to enable for the text format.
+   * @param $filter_settings
+   *   An array of optional filter settings, keyed by the filter they will be
+   *   applied to. 
+   * @return
+   *   The new text format object.
+   */
+  function createTextFormat($filters = array(), $filter_settings = array()) {
+    $format = new stdClass();
+    $format->name = $this->randomName();
+    $format->filters = array();
+    $weight = 0;
+    foreach ($filters as $filter) {
+      // Enable each filter, set its weight, and add any requested settings.
+      $format->filters[$filter] = array(
+        'status' => 1,
+        'weight' => $weight,
+      );
+      if (isset($filter_settings[$filter])) {
+        $format->filters[$filter]['settings'] = $filter_settings[$filter];
+      }
+      $weight++;
+    }
+    filter_format_save($format);
+    return $format;
+  }
+}
+
+class FilterAdminTestCase extends FilterTestCase {
   public static function getInfo() {
     return array(
       'name' => 'Filter administration functionality',
@@ -359,7 +392,7 @@ class FilterAdminTestCase extends DrupalWebTestCase {
   }
 }
 
-class FilterAccessTestCase extends DrupalWebTestCase {
+class FilterAccessTestCase extends FilterTestCase {
   protected $admin_user;
   protected $web_user;
   protected $allowed_format;
@@ -459,7 +492,7 @@ class FilterAccessTestCase extends DrupalWebTestCase {
   }
 }
 
-class FilterDefaultFormatTestCase extends DrupalWebTestCase {
+class FilterDefaultFormatTestCase extends FilterTestCase {
   public static function getInfo() {
     return array(
       'name' => 'Default text format functionality',
@@ -517,7 +550,7 @@ class FilterDefaultFormatTestCase extends DrupalWebTestCase {
   }
 }
 
-class FilterNoFormatTestCase extends DrupalWebTestCase {
+class FilterNoFormatTestCase extends FilterTestCase {
   public static function getInfo() {
     return array(
       'name' => 'Unassigned text format functionality',
@@ -540,7 +573,7 @@ class FilterNoFormatTestCase extends DrupalWebTestCase {
 /**
  * Unit tests for core filters.
  */
-class FilterUnitTestCase extends DrupalUnitTestCase {
+class FilterUnitTestCase extends FilterTestCase {
   public static function getInfo() {
     return array(
       'name' => 'Core filters',
@@ -1118,9 +1151,113 @@ class FilterUnitTestCase extends DrupalUnitTestCase {
 }
 
 /**
+ * Tests for the text format security API.
+ */
+class FilterFormatSecurityTestCase extends FilterTestCase {
+  protected $filter_html_unsafe_settings;
+
+  public static function getInfo() {
+    return array(
+      'name' => 'Text format security',
+      'description' => 'Test the API for determining whether text formats are secure.',
+      'group' => 'Filter',
+    );
+  }
+
+  function setUp() {
+    parent::setUp('filter_test');
+    $this->filter_html_unsafe_settings = array('allowed_html' => '<a> <em> <script> <strong>');
+  }
+
+  /**
+   * Test a text format with no filters; it should be labeled insecure.
+   */
+  function testNoFilters() {
+    $format = $this->createTextFormat();
+    $this->assertFalse(filter_format_is_secure($format->format, $warnings), t('A text format with no filters is labeled insecure.'));
+    $this->assertEqual(count($warnings['html']), 1, t('A text format with no filters has an associated warning message about insecure HTML.'));
+  }
+
+  /**
+   * Use the HTML filter with default settings; the text format should be
+   * labeled secure.
+   */
+  function testHTMLFilterDefaultSettings() {
+    $format = $this->createTextFormat(array('filter_html'));
+    $this->assertTrue(filter_format_is_secure($format->format, $warnings), t('A text format with the default HTML filter is labeled secure.'));
+    $this->assertEqual(count($warnings), 0, t('A text format with the default HTML filter has no associated warning messages.'));
+  }
+
+  /**
+   * Configure the HTML filter to allow an unsafe tag; the text format should
+   * be labeled insecure.
+   */
+  function testHTMLFilterUnsafeTag() {
+    $format = $this->createTextFormat(array('filter_html'), array('filter_html' => $this->filter_html_unsafe_settings));
+    $this->assertFalse(filter_format_is_secure($format->format, $warnings), t('A text format that allows script tags is labeled insecure.'));
+    $this->assertEqual(count($warnings['html']), 1, t('A text format that allows script tags has an associated warning message about insecure HTML.'));
+  }
+
+  /**
+   * Configure the HTML filter to allow an unsafe tag, but sanitize the input
+   * beforehand by escaping all HTML; the text format should be labeled secure.
+   */
+  function testHTMLFilterUnsafeTagSanitizeBefore() {
+    $format = $this->createTextFormat(array('filter_html_escape', 'filter_html'), array('filter_html' => $this->filter_html_unsafe_settings));
+    $this->assertTrue(filter_format_is_secure($format->format, $warnings), t('A text format that escapes HTML before incompletely filtering it is labeled secure.'));
+    $this->assertEqual(count($warnings), 0, t('A text format that escapes HTML before incompletely filtering it has no associated warning messages.'));
+  }
+
+  /**
+   * Configure the HTML filter to allow an unsafe tag, but sanitize the input
+   * afterwards by escaping all HTML; the text format should be labeled secure.
+   */
+  function testHTMLFilterUnsafeTagSanitizeAfter() {
+    $format = $this->createTextFormat(array('filter_html', 'filter_html_escape'), array('filter_html' => $this->filter_html_unsafe_settings));
+    $this->assertTrue(filter_format_is_secure($format->format, $warnings), t('A text format that escapes HTML after incompletely filtering it is labeled secure.'));
+    $this->assertEqual(count($warnings), 0, t('A text format that escapes HTML after incompletely filtering it has no associated warning messages.'));
+  }
+
+  /**
+   * Escape all HTML, but after doing so, apply a filter that creates new
+   * HTML-related security vulnerabilities; the text format should be labeled
+   * insecure.
+   */
+  function testNewHTMLVulnerability() {
+    $format = $this->createTextFormat(array('filter_html_escape', 'filter_test_new_html_exploit'));
+    $this->assertFalse(filter_format_is_secure($format->format, $warnings), t('A text format that escapes HTML but then allows a new HTML-related security exploit afterwards is labeled insecure.'));
+    $this->assertEqual(count($warnings['html']), 1, t('A text format that escapes HTML but then allows a new HTML-related security exploit afterwards has an associated warning message about insecure HTML.'));
+  }
+
+  /**
+   * Escape all HTML, apply a filter that creates new HTML-related security
+   * vulnerabilities, and then apply the HTML filter configured to allow an
+   * unsafe tag; the text format should be labeled insecure.
+   */
+  function testNewHTMLVulnerabilityAndUnsafeTag() {
+    $format = $this->createTextFormat(array('filter_html_escape', 'filter_test_new_html_exploit', 'filter_html'), array('filter_html' => $this->filter_html_unsafe_settings));
+    $this->assertFalse(filter_format_is_secure($format->format, $warnings), t('A text format that incompletely filters HTML after allowing a new HTML-related security exploit is labeled insecure.'));
+    // Warning messages from the last two filters should both be present, since
+    // neither security vulnerability has been removed.
+    $this->assertEqual(count($warnings['html']), 2, t('A text format that incompletely filters HTML after allowing a new HTML-related security exploit has two associated warning messages about insecure HTML.'));
+  }
+
+  /**
+   * Escape all HTML, apply a filter that creates new HTML-related security
+   * vulnerabilities, and then apply the HTML filter with the default settings;
+   * the text format should be labeled secure.
+   */
+  function testNewHTMLVulnerabilitySanitizeAfter() {
+    $format = $this->createTextFormat(array('filter_html_escape', 'filter_test_new_html_exploit', 'filter_html'));
+    $this->assertTrue(filter_format_is_secure($format->format, $warnings), t('A text format that correctly filters HTML after allowing a new HTML-related security exploit is labeled secure.'));
+    $this->assertEqual(count($warnings), 0, t('A text format that correctly filters HTML after allowing a new HTML-related security exploit has no associated warning messages.'));
+  }
+}
+
+/**
  * Tests for filter hook invocation.
  */
-class FilterHooksTestCase extends DrupalWebTestCase {
+class FilterHooksTestCase extends FilterTestCase {
   public static function getInfo() {
     return array(
       'name' => 'Filter format hooks',
diff --git modules/php/php.module modules/php/php.module
index 196892d..8cd8e1b 100644
--- modules/php/php.module
+++ modules/php/php.module
@@ -129,9 +129,18 @@ function php_filter_info() {
     'title' => t('PHP evaluator'),
     'description' => t('Executes a piece of PHP code. The usage of this filter should be restricted to administrators only!'),
     'process callback' => 'php_eval',
+    'security callback' => '_php_filter_security',
     'tips callback' => '_php_filter_tips',
     'cache' => FALSE,
   );
   return $filters;
 }
 
+/**
+ * Security callback for the PHP filter.
+ */
+function _php_filter_security($filter, &$warnings) {
+  // Any format using this filter is insecure.
+  $warnings['php'][] = t('The PHP filter allows users to execute arbitrary PHP code on your site.');
+  return array('php' => FILTER_EXPLOIT_ALLOWS);
+}
diff --git modules/php/php.test modules/php/php.test
index b7fb2a2..fc5e98b 100644
--- modules/php/php.test
+++ modules/php/php.test
@@ -4,7 +4,7 @@
 /**
  * Base PHP test case class.
  */
-class PHPTestCase extends DrupalWebTestCase {
+class PHPTestCase extends FilterTestCase {
   protected $php_code_format;
 
   function setUp() {
@@ -105,3 +105,39 @@ class PHPAccessTestCase extends PHPTestCase {
     $this->assertNoRaw('<option value="' . $this->php_code_format . '">', t('PHP code format not available.'));
   }
 }
+
+/**
+ * Test that text formats with the PHP filter are always labeled as insecure.
+ */
+class PHPFilterSecurityTestCase extends PHPTestCase {
+  public static function getInfo() {
+    return array(
+      'name' => 'PHP filter security',
+      'description' => 'Test that text formats containing the PHP filter are always labeled as insecure.',
+      'group' => 'PHP',
+    );
+  }
+
+  /**
+   * Test a text format that only applies the PHP filter; it should be labeled
+   * insecure for both HTML and PHP exploits.
+   */
+  function testPHPFilter() {
+    $format = $this->createTextFormat(array('php_code'));
+    $this->assertFalse(filter_format_is_secure($format->format, $warnings), t('A text format with the PHP filter is labeled insecure.'));
+    $this->assertEqual(count($warnings['php']), 1, t('A text format with the PHP filter has an associated warning message about PHP code execution.'));
+    $this->assertEqual(count($warnings['html']), 1, t('A text format with the PHP filter has an associated warning message about insecure HTML.'));
+  }
+
+  /**
+   * Test a text format that applies the PHP filter and escapes all HTML
+   * afterwards; it should be labeled insecure for PHP exploits, but not for
+   * HTML exploits.
+   */
+  function testPHPFilterEscapeHTML() {
+    $format = $this->createTextFormat(array('php_code', 'filter_html_escape'));
+    $this->assertFalse(filter_format_is_secure($format->format, $warnings), t('A text format with the PHP filter that also escapes HTML is labeled insecure.'));
+    $this->assertEqual(count($warnings['php']), 1, t('A text format with the PHP filter that also escapes HTML has an associated warning message about PHP code execution.'));
+    $this->assertTrue(empty($warnings['html']), t('A text format with the PHP filter that also escapes HTML has no associated warning messages about insecure HTML.'));
+  }
+}
diff --git modules/simpletest/tests/filter_test.module modules/simpletest/tests/filter_test.module
index 7fdd2f4..956e94a 100644
--- modules/simpletest/tests/filter_test.module
+++ modules/simpletest/tests/filter_test.module
@@ -7,6 +7,39 @@
  */
 
 /**
+ * Implement hook_filter_info().
+ */
+function filter_test_filter_info() {
+  $filters['filter_test_new_html_exploit'] = array(
+    'title' => t('Create a new HTML exploit'),
+    'description' => t('This filter intentionally creates a new HTML-related security vulnerability, for the purpose of testing the text format security API.'),
+    'process callback' => '_filter_test_new_html_exploit',
+    'security callback' => '_filter_test_new_html_exploit_security',
+  );
+  return $filters;
+}
+
+/**
+ * Filters text in such a way that a new HTML exploit is intentionally created.
+ *
+ * This filter is used for testing the text format security API, and it is an
+ * example of a filter that creates a new HTML-related security exploit by
+ * allowing safe text, such as "[script]", to be converted to an unsafe
+ * "<script>" HTML tag.
+ */
+function _filter_test_new_html_exploit($text) {
+  return str_replace(array('[', ']'), array('<', '>'), $text);
+}
+
+/**
+ * Security callback for the test HTML exploit filter.
+ */
+function _filter_test_new_html_exploit_security($filter, &$warnings) {
+  $warnings['html'][] = t('The HTML exploit filter deliberately creates a new HTML-related security vulnerability, even if the content passed in to the filter was previously sanitized.');
+  return array('html' => FILTER_EXPLOIT_ALLOWS);
+}
+
+/**
  * Implement hook_filter_format_insert().
  */
 function filter_test_filter_format_insert($format) {