This article shall help you if you have questions concerning security while planning to use the SharePoint Online Connector.
Scenarios
First a general note: There is no code from SharePoint (Online) executed on the Confluence server (or the other way around), as all the integration happens in the browser. So the only attacks are possible via client side (browser) scripts.
...