So not actually all that safe since sandbox escapes happen all the time. PDF.js has had many vulnerabilities as well