It is safe to use GraphQL for internal use cases, such as your internal apps or parts of a bigger system, where you expose your data only to “trusted” developers. But exposing your critical data and DB schemas to the outside can be dangerous: ideas can easily be stolen.