Escaping user data in_place_editor

Uh oh,

I just got the in_place_editor_field almost working and I realized that
I was no longer escaping all user-inputted text. I’ve caught the
general drift that evil people will eat my database alive if I display
nefarious input they could put in?

Is that a good reason not to use that feature?

I’m going to need to find some good bulletproof filters to put
user-inputted data through regardless, I suppose?

Also, what about text that appears in text field boxes when the
application pulls up user information to edit?

I guess that must be somehow escaped so maybe that same means might be
worked into the in_place_editor?