For contracts like an escrow, I would like to have an account (principal) where I can send money to without fearing that a developer is running away with the money because the developer has the private key. How could that work with clarity?

Here is a hodl token contract that uses such an account: https://github.com/friedger/clarity-smart-contracts/blob/master/contracts/hodl-token.clar

Can I just use something like ST000000000000000000000000000000000000001 (if this would be a valid principal - which isn’t) and hope that everybody will believe me that I don’t have the private key for this account?

How to find a valid principal?

I found one in the code: 'ST000000000000000000002AMW42H

Each principal is a 25-byte string that is encoded using Crockford-32 alphabet. The 25 bytes represent the exact same data as a Bitcoin address: it’s a 1-byte version, a 20-byte hash160 of the public key (or redeem script), and a 4-byte checksum.

using the hash 4000000000000000000000000000000000000000 gives nice addresses with the “correct” length:

ST100000000000000000000000000000001YKQJ4P
SP1000000000000000000000000000000020WR0A9
SM100000000000000000000000000000003DDT2PK
SN100000000000000000000000000000003CP1Q2M