You should still use htmlspecialchars() and similar functions. CodeIgniter do not format, escape or filter the database output for you.
What it does, when using the Query Builder Class, is escaping you queries that insert/update data in the database.