Are views safe to have other people editing them?

Hi All,
I'm working on a project in CI, where there might be other people creating and editing views.
I will restrict FTP access so they only can access the views.
But...
Will they be able to run DB queries?
Or will they be able to view config files or other code besides the views?
I can image for example, that they can run a directory list on the config folder for example and retrieve the DB password.
Is that even possible within CI?
I don't know who will be editing the views, but given the projects' details, it can be anyone.... trusted or untrusted.