As far as I can see, the Data Validation documentation on WordPress Codex does not mention whether the delete() method SQL-escapes input or if I need to do this myself. As I am developing a very important WordPress plugin, I wanted to be absolutely sure WordPress SQL-escapes 'WHERE [...]' input for me. For others looking for the same answer, yes it does - as far as WordPress version 4.2.1 is concerned (the most recent version at the time of writing). You can find out for yourself by searching in the wp-includes/wp-db.php file. The entire delete() method as seen in 4.2.1:

PHP Code:
public function delete$table$where$where_format null ) {
    if ( ! is_array$where ) ) {
        return false;
    }

    $where $this->process_fields$table$where$where_format );
    if ( false === $where ) {
        return false;
    }

    $conditions $values = array();
    foreach ( $where as $field => $value ) {
        $conditions[] = "`$field` = " $value['format'];
        $values[] = $value['value'];
    }

    $conditions implode' AND '$conditions );

    $sql "DELETE FROM `$table` WHERE $conditions";

    $this->check_current_query false;
    return $this->query$this->prepare$sql$values ) );
As you can see at the bottom, the prepare() method is used which SQL-escapes input for inclusion in the query. See: https://codex.wordpress.org/Class_Re...ection_Attacks

Hope this helps.