This browser warning means that the component is not actually “sandboxed” from the rest of the Streamlit app (which is intended - the blog post you linked goes into more detail about why we’re ok with this).
The threat vector that the browser is warning you about here is the component itself - Streamlit does not prevent components from reaching across the iframe boundary into the parent Streamlit app. If you trust the component’s source code, this is fine.
In other words, there’s nothing inherent in Streamlit’s component system that makes Streamlit more vulnerable to malicious users. But a badly or maliciously written component can “see” everything else in the Streamlit app, so you should treat Streamlit components just as you would with any other third-party dependency: if you don’t trust the component, you should not include it in your Streamlit app.