As RichFaces editor (or any wysiwyg for that matter) allow user to input html-formated content, nice feature would be integrated, server-side anti-XSS (Cross-site Scriptiong) filter.
XSS is one of the top webbased applications threads, so including such funtionality should considerably improve quality of a RichFaces framework.
It could look something like this:
<rich: editor ...> <rich:XSSFilter allowedTags="..." stripComments="true|false" .../> </rich:editor>
You can use SeamText. It allows only a safe subset of HTML tags.