It may not use these specific functions, but it has security that should prevent any SQL injections, which is what your concern is.
There are no reported cases of SQL injection with the current code. If you have an example of a security hole that can be exploited we would be very interested, but I don't think you can find one even without using VTK.