I don't know how this is organized internally but these images are selected by "the QEMU community". I would assume if you trust QEMU (the program) then you can also trust these images.
QEMU powers clouds, and can be run KVM accelerated. You're safe. If you don't trust QEMU, stay well away from any cloud service.
Note though that QEMU's security boundary only covers running with KVM (see https://www.qemu.org/docs/master/system/security.html). So if you're running without KVM, ie using TCG emulation, you should either only run guest code that you reasonably trust to not be malicious, or run the whole QEMU itself in some kind of sandboxing.
better than modern web browsers for sure. qemu guest escapes are mostly in rarely-used peripheral devices, most recently the floppy driver. for less-trusted guests you can simply disable such devices though.
if you say "but what about the defaults", look at the number of new web interfaces though: web audio, webgpu, webusb, webgl, html5 audio/video, several media decoding interfaces... all of them with new and exciting vulnerabilities, most can be disabled but enabled by default.
Maybe I’m beings little paranoid, and I probably don’t understand how good the sandboxing of QEMU is, but am I the only one who thinks it’s a little dangerous to download and run a surprise virtual machine every day? I mean, no one would do this if it were a shell script, right?