I started playing with the Underscores starter theme and noticed it uses esc_html_e() even on plain text:

<a class="skip-link" href="#content"><?php esc_html_e( 'Skip to content', '_s' ); ?></a>

Is there any security risk in not escaping it, like so:

<a class="skip-link" href="#content">Skip to content</a>

… or is it there just for the sake of translation?

Thanks.

1 Answer

The security risk here is not about the plain text but about translation. You should note that esc_html_e is not only a function for escaping HTML but also for localization (l10n), i.e. other people can translate this string but you don’t know what the translation would be. It is possible that somebody translates the string and adds a link or some malicious HTML. Therefore it is better to escape HTML in this case.
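An added stand-alone illustration of the point made in this answer (it is not code from the question, the answer, or the Underscores theme): the literal 'Skip to content' is harmless, but the string that actually reaches the page is whatever the loaded translation says, and esc_html_e() escapes that translated string. The translation table is constructed for the example, and translate_str() / esc_html_str() are stand-ins for WordPress's __() and esc_html() so the script runs without WordPress.

```php
<?php
// Stand-alone simulation; no WordPress required.
// In WordPress, esc_html_e( $text, $domain ) is equivalent to
//   echo esc_html( __( $text, $domain ) );
// so the escaping is applied after translation, to the translator's string.

// Constructed translation table for the '_s' text domain. On a real site this
// comes from a .mo file supplied by a translator or language pack; the theme
// author never sees its contents, which is exactly the risk the answer describes.
$translations = [
    '_s' => [
        'Skip to content' => 'Zum Inhalt springen <a href="https://example.invalid/">hier</a>',
    ],
];

// Stand-in for __(): look the source string up in the domain's table,
// falling back to the source string when no translation exists.
function translate_str( string $text, string $domain, array $table ): string {
    return $table[ $domain ][ $text ] ?? $text;
}

// Stand-in for esc_html(): turn <, >, &, " and ' into entities so the
// browser renders them as text rather than markup.
function esc_html_str( string $text ): string {
    return htmlspecialchars( $text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8' );
}

// Render the skip link either the unescaped way (_e-style) or the
// escaped way (esc_html_e-style).
function render_skip_link( bool $escape, array $table ): string {
    $label = translate_str( 'Skip to content', '_s', $table );
    if ( $escape ) {
        $label = esc_html_str( $label );
    }
    return '<a class="skip-link" href="#content">' . $label . '</a>';
}

// Without escaping, the translator's <a> tag is emitted as live markup
// inside the theme's own anchor.
echo render_skip_link( false, $translations ), "\n";

// With escaping, the same translation is shown literally: the extra link
// becomes visible text and never becomes an element.
echo render_skip_link( true, $translations ), "\n";
```

Running the script prints the injected link as real markup on the first line and as escaped text (`&lt;a href=...&gt;`) on the second, which is the difference between `_e()` and `esc_html_e()` for an untrusted translation.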
