It's not there in case you forget to escape the data; it's there so you DON'T need to.
Think about it this way.
// Vulnerable: $Data1 is interpolated into the SQL text before it is sent to MySQL
$Query = mysql_query("SELECT cols FROM table WHERE data1 = '$Data1'");
Ok, so as you probably know, if $Data1 contains any unescaped single quotes, the query can be changed, because it's converted into a string BEFORE being sent to MySQL.
But for PDO:
$Query = $Database->prepare('SELECT cols FROM table WHERE data1 = :data1');
$Query->execute([':data1' => $Data1]); // the value is supplied here, separately from the SQL text
That SQL is sent to the database engine, so that the database engine knows what it's doing without needing the values yet.
That value is sent separately from the SQL string - it's sent on its own - the value you give it is taken literally, bit for bit.
So, whereas with mysql_query your values are sent WITH the SQL, allowing changes to the SQL if they're unescaped, in PDO the values are sent separately, so it's impossible for them to affect the SQL.
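To make the difference concrete, here is an added, self-contained example (not code from the post above). It uses PDO's SQLite driver with an in-memory database so it runs offline without a MySQL server; the table, rows and the attacker-style input are constructed for the demonstration. It runs the same lookup twice, once with the value glued into the SQL text and once through a prepared statement with the value passed to execute().

```php
<?php
// Added example, not from the original post. SQLite in-memory DB is an
// assumption so the script runs offline; the SQL/values split shown here
// is the same one the post describes for MySQL.
declare(strict_types=1);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample data: a small users table.
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL, role TEXT NOT NULL)');
$db->exec("INSERT INTO users (name, role) VALUES ('alice', 'admin'), ('bob', 'user'), ('carol', 'user')");

// Attacker-controlled input, the kind of thing $Data1 in the post could hold.
$input = "nobody' OR '1'='1";

// 1. Vulnerable: the value becomes part of the SQL text, so the quote in $input
//    closes the string literal and the rest is parsed as SQL (the mysql_query() case).
$vulnerable = "SELECT name FROM users WHERE name = '$input'";
echo "Vulnerable SQL as the engine sees it:\n  $vulnerable\n";
$rows = $db->query($vulnerable)->fetchAll(PDO::FETCH_COLUMN);
echo '  rows returned: ' . count($rows) . "\n";   // every user leaks: 3

// 2. Prepared: the engine parses the statement with only the placeholder in it,
//    then receives the value on its own and compares it literally.
$stmt = $db->prepare('SELECT name FROM users WHERE name = :name');
$stmt->execute([':name' => $input]);
$rows = $stmt->fetchAll(PDO::FETCH_COLUMN);
echo "Prepared SQL as the engine sees it:\n  SELECT name FROM users WHERE name = :name\n";
echo '  rows returned: ' . count($rows) . "\n";   // nobody has that literal name: 0

// 3. The value really is taken bit for bit, quotes included: store that exact
//    string as a name and the same prepared lookup now finds exactly that row.
$db->prepare('INSERT INTO users (name, role) VALUES (:name, :role)')
   ->execute([':name' => $input, ':role' => 'user']);
$stmt->execute([':name' => $input]);
echo '  rows after inserting that exact name: ' . count($stmt->fetchAll(PDO::FETCH_COLUMN)) . "\n";  // 1
```

One caveat for MySQL specifically: the pdo_mysql driver emulates prepared statements on the client by default, meaning PDO quotes the value and splices it into the SQL string itself before sending it. That is still safe against injection, but it is not the "sent separately" mechanism described above. Setting `$Database->setAttribute(PDO::ATTR_EMULATE_PREPARES, false)` switches to server-side prepares, where the placeholder SQL and the values reach MySQL as separate messages, which is exactly the behaviour the post describes.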