For escaping schemes, there are a couple of well known choices, most of them based on \ as an escape character, which rules them out for use in edn keywords.
Arguably the best known escaping scheme, though, is rfc3987 percent-encoding, also known as url-encoding. This happens to be an almost perfect fit for transcribing human-readable strings into clojure keyword namespaces:
1.) It retains a moderate amount of readability which gets better through reusable knowledge. You probably don't even have to check, when , I tell you that %2F means /
2.) Reserved characters in an uri segment, seem to be a happy superset of clojure's reserved characters. In particular, it reserves : and /, but leaves . (which leads to a curious, but not entirely unappealing mapping to java package trees.)
3.) % got allowed in clojure 1.5.0. The jury on http://dev.clojure.org/jira/browse/CLJ-1527 is still out, but Rich Hickey's talk about not breaking APIs could be interpreted to mean that it will stay allowed.
Bumping the required clojure version from 1.4.0 to 1.5.0 is a slight drawback, but that will amortize as people keep upgrading their software. It should also be possible to work with a useful a subset of data.xml on 1.4.0, even some namespacing support as % won't be readable, but still constructable.