It's designed to be used within a team environment, where you trust everyone. (Although even then, I highly recommend using it with a readonly SQL account!) I would be skeptical of any situation where you could run raw untrusted SQL without any risks, at least without reimplementing MySQL's AST parser.

As for the demo, it's isolated, and locked down as well as MySQL will allow. (For starters, just SELECT privileges.)