Looks nice but is it vulnerable to injection attacks?