That depends, do you trust the people that have access to edit that ACF field?
Editors can put malicious code into ACF fields.
As far as security goes, the only people that are allowed to edit sites I build are my company and the owners of the site and people they designate to make changes.
If you are giving edit access to people that may not be trustworthy then you should consider not allowing specific user roles to edit ACF fields that can be used for malicious intent. This can be done using an acf/prepere_field filter and removing the fields from the editor based on user role.
Welcome to the Advanced Custom Fields community forum.
Browse through ideas, snippets of code, questions and answers between fellow ACF users
Helping others is a great way to earn karma, gain badges and help ACF development!