It was a stupid question !! I just had to test myself
So until now, it looks safe. All html code that I pasted (or wrote) in TinyMCE seems to be interpreted as simple text ...
I used the CDN from jquery.com (not the same as in e107) and, if I do a "preview" part of the URL is removed, just the integrity fingerprint is kept. If I post directly, it simply displayed as "code" and nothing is downloaded (checked with the "developer tool" of Firefox)
However, the way it works is a little bit strange/surprising. I never used explicitely the "code" tag, but some part of the pasted html was converted and displayed by Geshi, while the rest was simple text ...
I think, I can live with this
Thanks for your answers
ericc