Are you suggesting that it is possible for me to put destructive code (if even by mistake) in the box and reap the results?

It is very likely that it's possible to enter a regex that will make the editor (or at least the thread in the editor that does the search) hang. Just try the regex from the blog post I linked to, with the same test data as the blog post uses.

But it is unlikely that you can execute arbitrary code from the search/substitution box, unless the author of the editor screwed it up.