Submitted because I've been working on a site built using psycopg2. The need to never format queries with user input, and instead to use the builtin methods which perform the formatting safely on execution, is mentioned throughout the documentation. This change would allow one to write a function which actually enforces this requirement.
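The difference between formatting a value into the query text and passing it as a bound parameter, as an added example that is not part of the original comment. The standard-library `sqlite3` module stands in for psycopg2 so the code runs without a database server (psycopg2 uses `%s` placeholders and takes the values as the second argument to `cursor.execute()`); the table, rows and function names are constructed for illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "a-secret"), ("bob", "b-secret"), ("O'Brien", "o-secret")],
    )
    return conn


def lookup_formatted(conn, name):
    """Anti-pattern: the value becomes part of the SQL text itself."""
    query = "SELECT secret FROM users WHERE name = '%s'" % name
    return [row[0] for row in conn.execute(query)]


def lookup_bound(conn, name):
    """Safe form: the SQL text is constant and the value is bound separately."""
    query = "SELECT secret FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(query, (name,))]


if __name__ == "__main__":
    conn = make_db()
    hostile = "nobody' OR '1'='1"  # constructed input containing a quote

    # Formatted: the quote ends the string literal, so the WHERE clause
    # is rewritten and every row comes back.
    print("formatted:", lookup_formatted(conn, hostile))

    # Bound: the same input is compared as one literal name, matching nothing.
    print("bound:    ", lookup_bound(conn, hostile))

    # Formatting also breaks on legitimate data that contains a quote.
    try:
        lookup_formatted(conn, "O'Brien")
    except sqlite3.OperationalError as exc:
        print("formatted, benign input:", exc)
    print("bound, benign input:", lookup_bound(conn, "O'Brien"))
```
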