The WebODF developers take security very seriously. WebODF runs in a browser and web browsers are the most battle hardened sandboxes available.
WebODF has no more access to your hard drive than any unprivileged website. If you press the icon to open a file, WebODF asks the browser to let the user pick one file. That file, and only that file that the user chose, is then passed to WebODF so it can open it. This is no different from an HTML form for uploading files. The difference is that WebODF does not need to even pass the file to a server. It is a client-side library that can parse a file purely in the browser without any network access.
WebODF is set up such that you only need a few files to run it and all those files can be hosted on your own server or placed in your own application. There is no need for any reliance on any 3rd party.