This SVG file contains an illegal namespace "http://www.w3.org/1999/xhtml". #1

@raarts

Add any object, like a rectangle for instance, double-click it, add some text, and save.
Results in the above error.

This error is generated in ./includes/upload/UploadBase.php, which checks the uploaded SVG and finds this (non-whitelisted) namespace. It refers to this issue: https://phabricator.wikimedia.org/T62771, which in turn points to https://bugzilla.mozilla.org/show_bug.cgi?id=966734. Apparently this particular namespace can result in a persistent XSS vulnerability.

I guess this namespace is generated by draw.io. Since you probably are more well-versed in this matter, what's the next step?

EDIT: using PNG works.
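The kind of namespace allowlist check described in the issue, as an added example that is not part of the original post and is not MediaWiki's code. The two-entry allowlist, the function names and both SVG samples are constructed for illustration; the assumption is that the text label is exported as XHTML inside a `foreignObject`, which is what brings the XHTML namespace into the file.

```python
import io
import xml.etree.ElementTree as ET

# Assumed allowlist for this example only; a real upload filter carries a longer list.
ALLOWED_NAMESPACES = {
    "http://www.w3.org/2000/svg",
    "http://www.w3.org/1999/xlink",
}

# Constructed sample: a rectangle whose label is embedded as XHTML.
SAMPLE_WITH_TEXT = b"""<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink" width="120" height="60">
  <rect width="120" height="60" fill="#ffffff" stroke="#000000"/>
  <switch>
    <foreignObject width="120" height="60">
      <div xmlns="http://www.w3.org/1999/xhtml">Hello</div>
    </foreignObject>
    <text x="60" y="34" text-anchor="middle">Hello</text>
  </switch>
</svg>"""

# Constructed sample: the same rectangle without any text label.
SAMPLE_SHAPE_ONLY = b"""<svg xmlns="http://www.w3.org/2000/svg" width="120" height="60">
  <rect width="120" height="60" fill="#ffffff" stroke="#000000"/>
</svg>"""


def namespaces_used(svg_bytes):
    """Collect every namespace URI that is declared or used on a tag or attribute."""
    found = set()
    # For untrusted uploads, parse with a hardened parser such as defusedxml.
    events = ET.iterparse(io.BytesIO(svg_bytes), events=("start-ns", "start"))
    for event, payload in events:
        if event == "start-ns":
            found.add(payload[1])  # payload is a (prefix, uri) pair
            continue
        for name in (payload.tag, *payload.attrib):
            if name.startswith("{"):  # ElementTree writes names as {uri}local
                found.add(name[1:].split("}", 1)[0])
    return found


def illegal_namespaces(svg_bytes):
    """Return the namespaces in the file that are not on the allowlist, sorted."""
    return sorted(namespaces_used(svg_bytes) - ALLOWED_NAMESPACES)


if __name__ == "__main__":
    print("with text: ", illegal_namespaces(SAMPLE_WITH_TEXT))
    print("shape only:", illegal_namespaces(SAMPLE_SHAPE_ONLY))
```

Only the sample with the embedded XHTML label is rejected; the plain `<text>` fallback inside `<switch>` stays within the SVG namespace and passes.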