Thanks, @lukasbestle . Technically, everything but html content from rich editors must be escaped. Even src and href attributes if they contains entities (like urls with query string). ($page->url() in kirby doesn’t seem to contain entities only ascii paths)
I am actually not very fond of automatic escaping :-), because I cannot tell which is and which is not. My actual question was about the examples in the videos, where $page->title() field for instance is not escaped (while in the kits is, as it should be). Thanks anyway.