- **Breaking API Change** - Integrated CSRF token rendering with default form generation. CSRF is now used on all forms by default, and you have to explicitly disable it if you don't want it. - Add support for nested data structures in ``form.bind()``.