1) Not exactly sure what discourse is doing here. Because markdown is rendered into HTML, it needs to use the unescaped output. Otherwise the HTML generated from markdown would be escaped. Discourse does seem to have html sanitization within the source code, allthough I'm not sure when it is applied.
2) I would say no. JSON is not an executable format. So as long as text is treated as text etc. then there is no issue. As a general idea, a good reason for not escaping server side, would be a mobile app which was using native controls to display text. A single page app and a mobile app could use the same JSON api, but escaping would not be necessary for the mobile app. Additionally escaping requires a context. The OWASP XSS Prevention Cheat Sheet defines a set of contexts which require different escaping. So a single escaping on the server may be the wrong one.