Recovered from the Wayback Machine.
I’ve pulled the plug-in. It cleaned out the comment text, but not the name, URL, and email of the person. The email isn’t an issue, as WP ensures the email is clean; the URL and the name, however, are still an issue. A new comment isn’t the problem; edited comments are.
Frankly, if you’re going to serve your pages up as XHTML, your best bet is to moderate comments so you can catch every variation of something that can go wrong. Either that, or get rid of comments, which is also an option.
I’ll post a new version, once I’ve checked those fields, and completed a few other odds and ends.