As an update to this post, I ran across this bug filed (and experienced by yours truly) regarding the DataFormatString behavior changing from Beta2 to RTM.
So we have to set the HtmlEncode property to true on EVERY single boundfield now?
UPDATE: ...Just tried it... and its still ignoring the DataFormatString. Anybody have any suggestions?