Many people use :utf8 without realizing the security implications. I claim that they need to be warned about that. Deprecating the name, and changing it to one like :utf8_no_check (better name suggestions welcome) would accomplish this.