I have mixed feelings about the bug report. I think there's a case for considering that the shell syntax requires the escape, not the Dockerfile, and that the newline should be escaped in the original string.
I've drafted a patch for the problem, though. I'm also wondering where the escape should apply: only to RUN instructions, or to a lot more places?
I don't mind if the escapes are not added, but I think the library should check that the string given as input is well-formed and is not going to escape its scope and create a new section, e.g.
run "%s" input_from_user
If input_from_user = "true\nA-NEW-MALICIOUS-SECTION", then it would create a potentially dangerous Dockerfile:
RUN true
A-NEW-MALICIOUS-SECTION
I also think this check should be done in all the places a raw input is output (most instructions, I suspect).
Example:
results in the incorrect Dockerfile:
Instead, each `\n` character should be escaped using `\`, as per https://docs.docker.com/engine/reference/builder/#format
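As an added example, not code from the library under discussion or from either participant, the following Python sketch models the three behaviours the thread describes: the unescaped interpolation, the backslash continuation the issue body asks for, and the input check the reporter suggests. The function names, the sample input and the minimal Dockerfile line parser are my own constructions.

```python
"""Added example: render a Dockerfile RUN instruction from untrusted input
and show how a raw newline escapes the instruction's scope."""

# Constructed sample input, taken from the value quoted in the thread.
MALICIOUS = "true\nA-NEW-MALICIOUS-SECTION"


def render_run_naive(cmd: str) -> str:
    """The behaviour the thread reports: interpolate the string unchanged."""
    return "RUN %s\n" % cmd


def render_run_escaped(cmd: str) -> str:
    """Escape each newline with a trailing backslash, so the Dockerfile
    parser treats the next line as a continuation of the same RUN
    instruction (the fix proposed in the issue body)."""
    return "RUN %s\n" % cmd.replace("\n", " \\\n")


def check_run_arg(cmd: str) -> str:
    """Stricter alternative from the discussion: reject any input that
    could start a new instruction instead of trying to escape it."""
    if "\n" in cmd or "\r" in cmd:
        raise ValueError("RUN argument must not contain newline characters")
    return cmd


def parse_instructions(dockerfile: str) -> list:
    """Minimal Dockerfile line parser (assumption: enough of the format to
    show the point): joins backslash-continued lines, skips blank lines and
    comments, and returns one entry per instruction."""
    instructions, current = [], ""
    for line in dockerfile.split("\n"):
        if not current and (not line.strip() or line.lstrip().startswith("#")):
            continue
        if line.endswith("\\"):
            current += line[:-1]  # continuation: keep collecting
            continue
        instructions.append((current + line).strip())
        current = ""
    return instructions


if __name__ == "__main__":
    # Naive rendering yields two instructions; escaped rendering yields one.
    print(parse_instructions(render_run_naive(MALICIOUS)))
    print(parse_instructions(render_run_escaped(MALICIOUS)))
```

Escaping keeps the payload inside a single RUN instruction, but the shell still receives it, which is why the thread also argues for validating the input rather than relying on escaping alone.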