"Is GraphQL secure?"
Unlike frameworks for RESTful services, I haven't come across a single graphql library or framework that provides input validation and access control support. You have to write and wire all the security controls yourself.
GraphQL will be great, but for the moment it moves security controls backwards on API services significantly.
Here's a decent talk that goes into more depth on some of this: irongeek.com/i.php?page=videos/der...
We're a place where coders share, stay up-to-date and grow their careers.
We strive for transparency and don't collect excess data.