Just as a follow up, I found that the safe way to do this is to leave globals.php alone and at the top of languages.php, it should be:
Code:
define('USE_TRUSTED_POST_VARIABLES',1);
$trusted_post_variables = array("var_value", "new_var_value");
require "../smarty.php";
require "../config.php";
require "./auth.php";
This authorizes var_value and new_var_value as trusted post variables and will not strip the HTML tags.