I think this is mostly by design. By default, Mantis allows reporters to use bold, italics and such in bug reports and notes by using the usual HTML tags. This is because the $g_html_valid_tags variable in the config file comes preset to the value "p, li, ul, ol, br, pre, i, b, u". But as you see, this isn't so great when you want to paste raw HTML source code into your bug description and have it preserved as source that users can see. For those uses, you should clear out the $g_html_valid_tags variable.

There will be plugins in the future that allows different ways to format text. Hence, you should disable the HTML formatting and use bbcode or something similar (if required at all). Please confirm if this resolves your issue.

Not exactly. The core of the problem is that HTML entities aren't preventing code from being intepreted as HTML.

If < b > makes text bold, then & lt ; b & gt ; should result in visible source. They can't both do the same thing - that doesn't follow HTMLs logic and makes things more unpredictable.

We now support markdown instead of html.