Security Checkup Email


    #16
    David,

    I make SELECT queries to s01_tables of product reviews, vendors and blog posts that I created.

    Are the updated versions of toolbelt and Spliced Media SQL Query Component module safe to make SELECT queries?

    Would it be safer to move those tables to a new DB that those modules can query?


    http://www.alphabetsigns.com/

    Comment


      #17
      That would be ideal to have them in a separate database if that is an option for you; i.e. the same queries are not doing joins against native store tables, etc. If you're querying the store database for custom tables, then I suspect credentials have been stored in the store at the template layer, so that opens a big can of worms for attack vectors and non-logging of activity. Separate database means only what's in that db is now in play for this code/template/etc being exploited or credentials discovered.
      David Hubbard
      CIO
      Miva
      http://www.miva.com

      Comment
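
The separation suggested in #17, sketched as an added example (not code from the thread, from Miva, or from either module's vendor). It assumes a MySQL-compatible server; the database name `custom_content`, the account `content_reader`, the store database name `store_db` and the `s01_` table names are hypothetical placeholders.

```sql
-- Added example with constructed names; adjust to your own schema.

-- 1. A database that holds only the custom tables, so nothing native
--    to the store is reachable through it.
CREATE DATABASE custom_content;

-- 2. Copy each custom table out of the store database: structure, then rows.
CREATE TABLE custom_content.product_reviews LIKE store_db.s01_product_reviews;
INSERT INTO custom_content.product_reviews
    SELECT * FROM store_db.s01_product_reviews;

CREATE TABLE custom_content.vendors LIKE store_db.s01_vendors;
INSERT INTO custom_content.vendors
    SELECT * FROM store_db.s01_vendors;

CREATE TABLE custom_content.blog_posts LIKE store_db.s01_blog_posts;
INSERT INTO custom_content.blog_posts
    SELECT * FROM store_db.s01_blog_posts;

-- 3. A dedicated account for the query modules: SELECT only, and only on
--    the new database. It receives no privileges on store_db at all.
CREATE USER 'content_reader'@'localhost'
    IDENTIFIED BY 'REPLACE_WITH_GENERATED_SECRET';
GRANT SELECT ON custom_content.* TO 'content_reader'@'localhost';

-- 4. Confirm what the account can actually do before putting its
--    credentials anywhere near a template or module configuration.
SHOW GRANTS FOR 'content_reader'@'localhost';

-- 5. Once the modules are reading from custom_content, remove the
--    originals so the store database holds only native tables.
DROP TABLE store_db.s01_product_reviews;
DROP TABLE store_db.s01_vendors;
DROP TABLE store_db.s01_blog_posts;
```

If these credentials are later discovered, they expose read access to the three copied tables and nothing in the store database.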


        #18
        "I suspect credentials have been stored in the store at the template layer"
        It appears that toolbelt and spliced media use prepared statements to form queries, so are the credentials accessed at the module level?

        Is it safe to use toolbelt and spliced media if the credentials are at the module level?

        A separate DB is an option but would I then need a module with different credentials?
        http://www.alphabetsigns.com/

        Comment
