I think it would be nice to have a whitelisted method to create/add build summaries, allowing the groovy script to be run in the sandbox. I'm guessing the current method isn't whitelisted because it allows the adding a raw/unescaped HTML. So does that mean there could a whitelisted method that force escapes HTML or only allows plain text?