I was wondering if you really need to escape user-submitted data (widget option fields) within the widget() and form() functions (from the widget class)?
I don’t see a reason to do this, if the data is already escaped in the update() function. Or am I missing something?
Mm, they’re not slashed, if that’s what you’re meaning.
However, they’re definitely not XSS-sanitized. Use kses before saving, or esc_attr() on display, if you’re dealing with untrusted data.
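
An added example, not part of the thread above: a widget that both sanitizes in update() and escapes in form() and widget(), using a different escaping function for each output context. The class name, widget ID and the `title` and `note` fields are hypothetical, and the file is assumed to be loaded as a plugin inside WordPress.

```php
<?php
// Added illustration; class name, widget ID and field names are hypothetical.
class Example_Note_Widget extends WP_Widget {

    public function __construct() {
        parent::__construct( 'example_note_widget', 'Example Note' );
    }

    // Sanitize on save: plain text for the title, post-level HTML allowlist for the note.
    public function update( $new_instance, $old_instance ) {
        $title = isset( $new_instance['title'] ) ? $new_instance['title'] : '';
        $note  = isset( $new_instance['note'] ) ? $new_instance['note'] : '';
        return array(
            'title' => sanitize_text_field( $title ),
            'note'  => wp_kses_post( $note ),
        );
    }

    // Admin form: attribute context uses esc_attr(), textarea body uses esc_textarea().
    public function form( $instance ) {
        $title = isset( $instance['title'] ) ? $instance['title'] : '';
        $note  = isset( $instance['note'] ) ? $instance['note'] : '';
        printf(
            '<p><input class="widefat" id="%s" name="%s" type="text" value="%s" /></p>',
            esc_attr( $this->get_field_id( 'title' ) ),
            esc_attr( $this->get_field_name( 'title' ) ),
            esc_attr( $title )
        );
        printf(
            '<p><textarea class="widefat" id="%s" name="%s">%s</textarea></p>',
            esc_attr( $this->get_field_id( 'note' ) ),
            esc_attr( $this->get_field_name( 'note' ) ),
            esc_textarea( $note )
        );
    }

    // Front end: escape again at output, since the stored option can be
    // written by code paths other than this class's update().
    public function widget( $args, $instance ) {
        echo $args['before_widget'];
        if ( ! empty( $instance['title'] ) ) {
            echo $args['before_title'] . esc_html( $instance['title'] ) . $args['after_title'];
        }
        if ( ! empty( $instance['note'] ) ) {
            echo wp_kses_post( $instance['note'] );
        }
        echo $args['after_widget'];
    }
}
add_action( 'widgets_init', function () { register_widget( 'Example_Note_Widget' ); } );
```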