by ben509 2927 days ago
Yes, in this particular case, it doesn't open a security hole.

But scrub all your inputs anyway. That one time you forget, it will be a cosmetic error due to double encoding instead of a security hole due to no encoding.


I don't really get this criticism. This is a client-only app. Scrubbing input on the client is a bad way to avoid XSS because an attacker can modify the client. So teaching developers to sanitize strings in their frontend JS is not helpful. Why do we care what she does on her single page side project?
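The two comments above argue about where encoding belongs, not whether it belongs: ben509's point is that a forgotten encoding step is an injection while a redundant one is only a visible glitch, and the reply's point is that encoding done in frontend JS is not a server-side control. The following script is an added example written for this page, not code from either commenter or from the project they discuss. It uses a constructed sample string and two hypothetical helpers, `encodeUntrusted` and `decodeHtml`, to show what each number of encoding rounds produces when the string is written into an HTML text context.

```javascript
// Added example (not from the HN thread): HTML output encoding versus
// double encoding. Encode exactly once, at the point where a string is
// written into an HTML context. Zero rounds lets markup through; two
// rounds is the cosmetic "&amp;amp;" glitch, not an injection.

const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Reverse map, used below to approximate what a browser would display
// for a given HTML text node (entities resolved once).
const HTML_UNESCAPES = Object.fromEntries(
  Object.entries(HTML_ESCAPES).map(([ch, entity]) => [entity, ch])
);

// Encode a string for insertion into an HTML text or attribute context.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Resolve the five entities above once, left to right and non-overlapping,
// which is the text a browser shows for that markup (hypothetical helper).
function decodeHtml(s) {
  return String(s).replace(/&(amp|lt|gt|quot|#39);/g, (m) => HTML_UNESCAPES[m]);
}

// Apply `rounds` rounds of encoding to an untrusted value (hypothetical helper).
// 1 is correct; 0 is the security bug; 2 is the cosmetic bug.
function encodeUntrusted(untrusted, rounds) {
  let value = String(untrusted);
  for (let i = 0; i < rounds; i++) value = escapeHtml(value);
  return value;
}

// Wrap the (possibly encoded) value in the page template.
function renderComment(value) {
  return `<p class="comment">${value}</p>`;
}

// Approximate how many tag starts an HTML parser would see in a fragment:
// '<' followed by a letter or '/'.
function countTags(html) {
  return (html.match(/<[a-zA-Z/]/g) || []).length;
}

// Constructed sample input: ordinary text with an ampersand and a tag.
const SAMPLE = "Tom & Jerry <b>bold</b>";

// Print a comparison of the three outcomes for the sample string.
function demo() {
  for (const rounds of [0, 1, 2]) {
    const encoded = encodeUntrusted(SAMPLE, rounds);
    console.log(`rounds=${rounds}`);
    console.log(`  markup  : ${renderComment(encoded)}`);
    console.log(`  displays: ${decodeHtml(encoded)}`);
    console.log(`  injected tags from user input: ${countTags(encoded)}`);
  }
}

demo();
```

Reading the output: with one round the browser displays the sample text exactly as typed and parses no tags out of it; with two rounds it still parses no tags, but the user sees `&amp;` and `&lt;b&gt;` literally, which is the kind of error a tester notices immediately. With zero rounds the `<b>` element is live. In a browser, assigning the untrusted string to `element.textContent` instead of building markup achieves the single-round case without a hand-written encoder; and, as the reply notes, none of this substitutes for encoding on the server when the data is later shown to other users.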