I don't think escape codes are a trick, they are the primary means to set colors, title bars, etc. and to claim VT100 or better emulation requires all sorts of features through escape codes so that any program which can output text to a terminal can also use those features. Some features in the terminal can involve running a command. In many cases this isn't a problem because any program you run from an interactive terminal runs with your permissions anyway so there is no need for any special security handling, it's just in this case where a program can output text from an untrustworthy source that will be interpreted by the terminal that isn't sanity checked where you can have a problem. We've had the same problem in the past with viewing logs which could contain escape codes in a terminal.