The biggest news is that you can use the top 100 or so crates now, but there's also Clippy integration and a simpler editor for accessibility / mobile / security conscious users. Thanks to @stebalien, @leonardo, @comex and @cuviper for the feedback and suggestions!
It depends! I'm more than happy to have holes in the sandboxing found and reported. I don't have any money for a bug bounty program, so all you can get is Open Source credit
If you think that you are really likely to break it, I'd be happy to set up (or help you set up) a test server to attack; keeping the primary one usable by others. You can also run it locally which might make it easier for you to experiment.