Talk:XQuery/Advanced Search

Isn't this XQuery vulnerable to injection attacks? What happens if someone searches for "'][starts-with(doc("/db/passwords.xml")/users/user[1]/password/text, "0")]"? Would an extraction of contents of other documents be possible?
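An added example, not part of the comment above and not code from the Advanced Search page: it models how an XQuery lexer reads a single-quoted string literal, and compares a query built by plain concatenation with one where the search term is escaped first. The predicate template `//item[contains(., '...')]` and all function names are hypothetical.

```python
# Added illustration. The query template and the function names are assumptions.

def xquery_string_literal(value: str) -> str:
    """Return value as a single-quoted XQuery string literal.

    Inside an XQuery literal a quote is escaped by doubling it, and '&'
    starts an entity reference, so it has to be written as '&amp;'.
    """
    escaped = value.replace("&", "&amp;").replace("'", "''")
    return "'" + escaped + "'"


def build_naive(term: str) -> str:
    # Search term pasted straight into the query text.
    return "//item[contains(., '" + term + "')]"


def build_escaped(term: str) -> str:
    # Search term turned into a proper literal before it is pasted in.
    return "//item[contains(., " + xquery_string_literal(term) + ")]"


def first_literal(query: str) -> str:
    """Decode the first single-quoted literal the way the lexer would."""
    i = query.index("'") + 1
    out = []
    while i < len(query):
        ch = query[i]
        if ch == "'":
            if query[i + 1:i + 2] == "'":  # doubled quote: stays in literal
                out.append("'")
                i += 2
                continue
            break                          # single quote: literal ends here
        out.append(ch)
        i += 1
    else:
        raise ValueError("unterminated string literal")
    return "".join(out).replace("&amp;", "&")


# The search string quoted in the comment above.
TERM = '\'][starts-with(doc("/db/passwords.xml")/users/user[1]/password/text, "0")]'

if __name__ == "__main__":
    print("naive literal  :", repr(first_literal(build_naive(TERM))))
    print("escaped literal:", repr(first_literal(build_escaped(TERM))))
```

With concatenation the literal ends at the first quote of the input and the rest is parsed as query syntax; with escaping the whole input stays data. Where the engine supports external variables, binding the term as a variable avoids building query text at all.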