Update: Do two runs of encode entities to encode normal characters first time and your special characters the second time. This may be a little slower than doing one pass but means you don't have to specify exactly what else you need to encode.
my $string = '[I haz square brackets]';
my $unsafe_chars = '[]';
# first pass encodes default set
my $pass1= encode_entities( $string );
# second pass encodes speshul chars
my $encoded = encode_entities( $pass1, $unsafe_chars );
If you spot any bugs in my solutions, it's because I've deliberately left them in as an exercise for the reader! :-)