Thanks for the q (I work at Deepnote) - all outputs that can contain potentially malicious JS are sandboxed in iframes so they can only access their local context and can't be used e.g. for XSS attacks.