This is not a security issue, but it is related.
I discovered a stupid bug on the contacts service of Gmail the other day, trying to do a XSS injection in another site. When you put something like <(.*)> inside a contact, the contact disappears. This is due to google instead of escape the characters only remove your contact. Is a very good solution to avoid XSS, but not the best if you want to keep your contacts :) .
I reportered the bug and two hours after that it was fixed, but they didn't told me anything :(
The video with the bug: