Permissions truncated by plone.protect

I get a result that typically looks like this on the security tab (manage_access) in Plone 5.1 (Windows, if that matters). Please note, this is the bottom of the page - it didn't even finish that table row, let alone all of the default permissions. I suspected it was a bungled transform by plone.protect and indeed if I inspect that value of result the HTML is what I would expect. Digging a bit deeper, the discrepancy appears to happen somewhere in the call to getHTMLSerializer, so I suppose this is really a repoze bug.

This bug feels very familiar to me, but I can't remember if I had a similar issue in Plone 5 or Plone 4.x, and I can't remember a solution for it. I do not have an issue in Plone 5.0.5. The biggest head scratcher is that while 5.0.5 and 5.1 have different versions of plone.protect, they share the same version of repoze.xmliter.

For the record I don't see this problem with a 5.1 install on Linux
plone.protect : 3.1.2
repoze: 0.6
IOW the versions packaged with the release.

I pip uninstalled lxml and pypiwin32 and reinstalled them. It seemed to work this time - I suspect some peculiarity with the libxml/libxslt C binaries for Windows. This was a rather weird way for an issue with it to manifest!