I am testing some frontend code, and I can see the code that takes input using the {{}} handlerbars, so if I entered an input = &123 , shouldn't this be converted to &123 and then stored in the server since two double mustache means the characters like '&' is escaped. When I look at the post being send to the server, it still appears as &123.
No, the HTML escaping done by {{}} only has to do with how a value is rendered into the DOM. A string entered using {{input}} is not transformed in any way by Ember, nor should it be.
In general, one does not want to HTML-escape information being held in the DB. The data in the DB should be the actual data. The HTML escaping is something that should be done, as Ember does, "on the way out" when the data is being displayed in an HTML context.
If you really want to keep HTML-escaped data in your server, then you could escape it on the server prior to saving, or perhaps in an Ember serializer. However, when retrieving the data, you'd then have to either unescape it on the server, or send it down the client as is, either unescaping it is the deserializer, or remembering that it is already escaped and putting in the DOM using {{{}}} (triple handlebars).