CiviCRM versions 5.3.0 and 4.6.37 (and earlier)
CiviCRM version 5.3.1 and 4.6.38 (and later)
When generating a list of the custom groups that utilize a particular sub-type, the sub-type was not properly escaped.
Upgrade to the latest version of CiviCRM
Patrick Figel of Greenpeace for reporting the issue.
Seamus Lee of Australian greens for fixing the issue.