Haha this is just awesome guys
Great job everyone, congrats to the winners, especially the first 3, it was a good, healthy fight
Check this out if it’s about digital products: http://themeforest.net/item/marketify-marketplace-wordpress-theme/6570786?WT.ac=solid_search_item&WT.seg_1=solid_search_item&WT.z_author=Astoundify
Only two of themeforest items in that bundle were WordPress themes. Other two are a Muse template and a html template.
You should escape theme options data when it makes sense to escape it.
Once data is stored, there is no more security questions about it, it’s there. You should sanitize that when you save it. But on the output, you only escape, and only when appropriate.
You escape the data based on where you use it.
If you use it in attributes, you would ofc use esc_attr() on it etc.
Just play it smart and you will be ok, the goal is not to “ESCAPE EVERYTHING!!!” but to minimize the possibility of failures due to wrong usage of your products.
And believe me, buyers will find a way to use your product wrong