WordPress used to have a feature to edit PHP plugin code through the browser and it was a security nightmare. If you allow code editing, I suggest disabling it by default and when an attempt is made to enable it, send an email to the site admin to confirm before enabling.
Hi! The templates use Liquid, a very simple but powerful markup language based on HTML. It takes a few minutes to learn! It's the same markup used by Shopify - they created it https://shopify.github.io/liquid/
It's very safe though, it cannot execute harmful code :)
Do the templates contain code?
WordPress used to have a feature to edit PHP plugin code through the browser and it was a security nightmare. If you allow code editing, I suggest disabling it by default and when an attempt is made to enable it, send an email to the site admin to confirm before enabling.