Yes, that's the general consensus in the comments. It doesn't even sound safe to me and I'm not a full security pro. But OP did it as a PoC/for fun. It's okay to have fun still.

It's not what OP did that isn't safe, it's the mechanism that he used in HarfBuzz.

Sorry for not disclosing everything that could go wrong, but you seemed to have missed my point while trying to be exact.

Again, thanks for missing my point.

I believe your point was "it's ok for OP to have fun with this project even if it's unsafe", but no one's saying that OP shouldn't have done this, since it's not what they've done that's unsafe. But if that wasn't your point, then OK, yeah.