Hello @nj2
Opening querybuilder can easily increase your chances of attacks.
1. One could generate any number of queries affecting your system.
2. If one queries on a param which is not indexed, it will affect the performance of the system.
3. One can know the entire structure of the site by firing queries.
4. Large queries will have further impact to the system
Aanchal Sikka