Making the user manually escape parameters (and be very careful not to miss any) seems at odds with the goals of ease of use and maintainability. Most template libraries do this automatically by default.
For the record, I love this project's minimalist goal. Having said that, I agree with the other commenter that escaping by default (with an opt-out mechanism) is probably the better choice.
I don't even think this violates your prioritization because it should result in less code when considering an app in its entirety (framework + logic).
