Is unity viewer safe?

Not sure its called like that, but the thing in the browser doesn't seem safe.

Unity enabled running C# and in C# you can easily break execution into C++ execution which can do pretty much everything it wants under the browsers permissions.

It is save ;) You can't use reflection in webplayer and a lot of other things. Sockets can be used but you can't open a listen socket. Even sockets are domain restricted. Native code plugins also won't work in Unity-webplayer. They have done what they can to make it save. So far I haven't heard of any exploits of the webplayer.

Just take a look at the Security Sandbox page