Consider something like the following:
echo esc_html(
sprintf(
_nx(
'%1$s Comment on “%2$s”',
'%1$s Comments on “%2$s”',
$comment_count,
'Comments Title',
'theme-text-domain'
),
number_format_i18n( $comment_count ),
get_the_title()
)
);
Where you build the entire string with sprintf
and escape that.
The coding standards are clear that you should always escape output, and do so as late as possible. As you’ve noticed, however, even the default theme doesn’t adhere to them exactly.