Problem/Motivation
Custom modules / themes and other contrib modules like views_field_formatter use the API function of views: views_embed_view()
HEAD
In HEAD views_embed_view() returns the INNER views render array, so it doesn't include any kind of cacheability metadata, so using it can cause cache poisoning and introduce a potential security issue. For example views_embed_view() is used twice, it could show the same result for different views.
PATCH
With the patch views_embed_view() will not return the views render array, but rather the views element, which will be expanded on render time to the actual views render array.
Proposed resolution
Remaining tasks
User interface changes
API changes
The return value of views_embed_view() will still ultimately be a render array, but its structure will change, see https://www.drupal.org/node/2649352#comment-10818662 for details.