Comment nodes were totally ignored in @SafeHtml evaluation whereas they can contain some code (typically, SSI or conditional IE things and so on).
As vendors continuously come with new way to misuse HTML comments, let's play it safe and consider them invalid.
Note that this is a change in behavior and previously safe HTML will now be considered unsafe.