I looked the other day and found a couple of interesting files, but nothing worth posting about, so I didn't. Since you say you're going to look at it, I thought I'd mentioned what I had found.
There's one that attempts to take some extended characters and transliterate them. Things like "frac34" become "three fourths". This was my best hope at first, but didn't really look like it was what was happening. However, it was only place that I could find acute in the source code. It also lists things like copy, trade, reg, but where it does, it's talking about translating things generated by textile. I couldn't find a list of things that it accepted and things that were converted
The other was the sanitize portion. Saving a page, at least as an update, actually calls the API version of update a page, and I would imagine that other places sanitize the input for security reasons. Also, since it's using the API, it's taking things like ✓ and sending it to Canvas that way. What comes back is ✓ -- that makes sense since it's the API that is processing both the RCE edits and the API calls made by us.
There are other files at play. There's an htmlEscape JavaScript file and probably a local version, but it's been a long day and I'm too tired to keep tracking things down now. The config/application.rb file has a line that says ActiveSupport::JSON::Encoding.escape_html_entities_in_json = true.
There was, I believe, a long time ago, a similar bug. Someone filed it with Canvas that they were converting HTML entities into & incorrectly. It might be worth reporting again. You should be able to enter a an HTML entity without resorting to looking up Unicode for it.