This article shall help you when if you have questions about concerning security if you are while planning to use the SharePoint Online Connector.
Scenarios
First a general note: There is no code from SharePoint (Online) executed on the Confluence server (or the other way around), as all the integration happens in the browser. So the only attacks are possible via client side (browser) scripts.
...
The content embedded from SharePoint in Confluence might contain malicious scripts which could harm Confluence (or the other way around)
...