yes, there’s also (again) third-party plugins which might expect escaped parameters and either get broken or vulnerable.
i rewrote tt-irc to use PDO recently. it wasn’t that bad and only took me maybe two hours. then again tt-irc has less than 100 queries, most of which were static - that’s nothing compared to the sql hellscape of tt-rss. jquery switchover is more realistic overall (no conflict mode could help).
e: tbh while going prototype -> jquery would be easier there’s really not much point in it. switching to PDO would mean tangible sql injection improvements and the end of escaping mess, going jquery would, uh, make the code a bit shorter i guess.
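
The plugin hazard described above, as an added example that is not part of the original post and is not tt-rss code: a caller that still escapes its parameters corrupts data once the core binds values through PDO, and a caller that stops escaping while still hitting a concatenated query breaks it. The table, the function names and the `legacy_escape` helper are hypothetical, and the script assumes the `pdo_sqlite` extension is available.

```php
<?php
// Added example; all names below are hypothetical, not taken from tt-rss.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE feeds (id INTEGER PRIMARY KEY, title TEXT)');

// Stand-in for a legacy escape helper (SQL-standard quote doubling).
function legacy_escape(string $s): string {
    return str_replace("'", "''", $s);
}

// Legacy-style core API: the caller must escape, the query is concatenated.
function legacy_add_feed(PDO $pdo, string $escapedTitle): void {
    $pdo->exec("INSERT INTO feeds (title) VALUES ('$escapedTitle')");
}

// PDO-style core API: the caller passes the raw value, the driver binds it.
function pdo_add_feed(PDO $pdo, string $rawTitle): void {
    $sth = $pdo->prepare('INSERT INTO feeds (title) VALUES (:title)');
    $sth->execute([':title' => $rawTitle]);
}

$title = "Bob's feed"; // constructed sample input containing a quote

// 1. Old plugin, old core: escaping and concatenation match up.
legacy_add_feed($pdo, legacy_escape($title));

// 2. Old plugin (still escaping), new core: the doubled quote is now
//    bound as data, so the stored title no longer equals the input.
pdo_add_feed($pdo, legacy_escape($title));

// 3. Updated plugin, new core: no escaping anywhere, value stored as given.
pdo_add_feed($pdo, $title);

// 4. Plugin that dropped escaping but still reaches a concatenated query:
//    the quote ends the string literal early and the statement fails.
try {
    legacy_add_feed($pdo, $title);
} catch (PDOException $e) {
    echo "unescaped value broke the concatenated query\n";
}

// Print what was actually stored for cases 1 to 3.
foreach ($pdo->query('SELECT id, title FROM feeds ORDER BY id') as $row) {
    echo $row['id'], ': ', $row['title'], "\n";
}
```

Case 2 is the "broken" outcome and case 4 the "vulnerable" one, which is why a switch to bound parameters has to cover every caller of a given query function at once.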