Script tags inside of elements that have not been added to the HTML document should not execute until they are added to the HTML document.
$('<div />').html('<script>alert("This should not render")</script>');
An alert box is shown, even though this element is not in the HTML document.
If you do this with native JS, the script does not execute:
var elem = document.createElement('div');
elem.innerHTML = "<script>alert("This should not render")</script>"
You are correct, this is a bug and should be fixed for jQuery API parity.
Fixed in ed63f79