The frontend uses our own custom escaping, too. We would of course also change the frontend to use HTML escaping instead of our current escaping. The current escaping prefixes some characters with \, meaning that the problematic characters like < remain in the HTML comment. On the other hand, HTML escaping would get rid of them. My idea why this would help is that there would be no need to change the escaping in CKEditor on the fly in all HTML comments.