Re: Not security issues
Libraries do some of the work. For example psycopg2 (AFAIK all API's sticking to the Python standard) will quote a string value for you whereas Postgres syntax requires a quote when inserting a character type. Its one less thing to worry about/get wrong. Probably more a convenience that may prevent a bug (most likely one you would spot in development) than a security issue but still one less thing to worry about/get wrong.