This package is a source of security concerns (XSS injections, not CSP compatible) and allows injection of undesirable content or formatting (e.g. images in headings, or headings in lists).
As this project is no longer actively maintained by the Wagtail team, security issues are unlikely to be addressed in a timely manner, if at all.
If you need to report an issue you can do so via (security@wagtail.io).