Correct. Intended for library authors to do that. A SQL library, for example, could accept a template type and mitigate against SQL injection for you.