As a matter of fact is unsafe to run untrusted scripts on cssed. Not a cssed's failure, simply is not safe to run untrusted scripts in your system, period.
To try to make things a bit easier cssed will not load on the menu byte-code compiled python, but only plain text scripts. At least you'll have the possibility of reading the script before to run it. This does not mean one script cannot load byte-code compiled scripts, so distrust scripts with are shipped with byte-code compiled python, but in the case you know quite well where they come from
Remember that python scripts will have access to all your user's files - or to all files you have permissions to read/write - and to all libraries in your system, including network libraries. Always try to verify what the script does, and in doubt post it on cssed's support forum or mailing list. Both are accessible through cssed's project site.