Use html_escape for user input when you don't expect HTML content. For example, first_name shouldn't contain HTML, and you want to escape special HTML characters like &, ", <, or >.
Use html_safe for fields that contain HTML that has already been sanitized. For example, an article body should contain some <p> tags but no <script> tags, so the content should be sanitized before it is saved to the database.
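
An added example (not from the original page) of both rules in plain Ruby, so it runs without Rails. ERB::Util.html_escape is the standard-library escaper; SafeString, render, sanitize_body, save_article and show_article are hypothetical stand-ins for Rails' SafeBuffer, template auto-escaping and sanitize helper, and the inputs are constructed.

```ruby
require "erb"

# Hypothetical stand-in for ActiveSupport::SafeBuffer: a String that is
# flagged as "already safe to render", which is all html_safe does.
class SafeString < String
  def html_safe?
    true
  end
end

ALLOWED_TAGS = %w[p b i em strong].freeze # assumed allowlist for article bodies

# Template-style output: escape everything unless it carries the safe flag.
def render(value)
  return value.to_s if value.respond_to?(:html_safe?) && value.html_safe?
  ERB::Util.html_escape(value.to_s)
end

# Conservative sanitizer stand-in: escape the whole input, then restore only
# bare, attribute-free tags from the allowlist. Anything else stays escaped.
def sanitize_body(raw)
  escaped = ERB::Util.html_escape(raw)
  escaped.gsub(%r{&lt;(/?)(#{ALLOWED_TAGS.join("|")})&gt;}) { "<#{$1}#{$2}>" }
end

# Sanitize before saving: the return value is what reaches the database.
def save_article(raw_body)
  sanitize_body(raw_body)
end

# Only content that went through save_article is marked safe for rendering.
def show_article(stored_body)
  render(SafeString.new(stored_body))
end

if __FILE__ == $PROGRAM_NAME
  first_name = "<script>alert(1)</script>"                       # constructed input
  body = "<p onclick=\"x()\">Hi</p><p>Text</p><script>alert(1)</script>"
  puts render(first_name)               # plain field: fully escaped
  puts show_article(save_article(body)) # <p> kept, attributes and <script> inert
  puts render(SafeString.new(body))     # marked safe without sanitizing: raw markup
end
```

The last call shows the failure mode: the safe flag only switches escaping off, so it belongs only on content that was sanitized before it was stored.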