In helping another admin on our site I gave the following advise, but not sure it is 100% correct. Can those who known just proof read it and let me know if any part of it is wrong.
This is in the context of using the theme preview button.
Since themes are just CSS and JavaScript running after the text for the post has been returned from the SQL query and does not update the database, AFAIK it is totally safe, the worse I expect you can do is mess up the single HTML page you are previewing.