In this example the tweet is properly encoded before being displayed to the user and is safe against XSS attacks.
OWASP's ESAPI4JS is used for performing the encoding.
Even if raw HTML is injected by an attacker it does not lead to Cross-site Scripting.
Executing the same function used in Insecure Example 2, does not create a Stored Cross-site Scripting. Check.