Is user or external input treated as unsafe and appropriately validated?

If this is talking about the potential for the likes of SQL injection, then yes.