Best Practices for determining if a drupal theme is secure?

I am a little new to drupal, but one common task for many people is to get theme(s) for their drupal sites. I understand just enough to know a drupal theme could perhaps have a security flaw e.g. xss if check_plain, check_markup, filter_xss not used properly?? However, I like many other newbies do not have enough knowledge to properly test this. (Yes, I did try reading some template preprocess/process functions but w/o an automated theme security test it is rather hard for a newer person to be sure.) In a "parallel universe", I know that twig (symfony2 php framework) automatically escapes ALL templates - thus handling security at the templating engine level not at the actual theme file level - which seems safer. After all, theme developers or designers may not be that aware of xss for example. One of the RAD tools I was looking at is artisteer which seems to be quite popular, however I am not able to adequately determine the security of the generated themes -- does anyone happen to know the answer? Like I said I am a bit new to drupal so sorry in advance if I am asking a stupid question or have misunderstood something basic.