There is a _Roxen.http_decode_string which decodes the %XX escapes themselves (along with those peculiar %uXXXX) but it doesn't do the subsequent utf-8 decoding. I was planning on making a Protocol.HTTP.http_decode() (losing the superfluous "_string" suffix at the same time) which wraps both together.
It's not entirely safe to assume that any %XX-encoded string is utf-8-encoded underneath however, as the whole elaborate "magic_roxen_automatic_charset_variable" system in Roxen shows (although this is getting better since nonconforming browsers are starting to get rare). Still, I think Pike modules should allow the user to choose a different interpretation.
As for Standards.URI.path, it wouldn't be safe to decode all %XX escapes there since the caller then wouldn't be able to tell a quoted "/" inside a path segment from a path segment separator.