The sandboxed solution is safer for the farm
Why is it safer? Because it has restrictions "what can be done"
Here are restrictions and suggestions if you discover that the restriction is critical to you:
1. Scope - Site Collection. A sandboxed solution can reach the resources within the site collection.
If you want to reach data out of the site collection scope - choose the different type of the solution (Farm, BIN, Hybrid)
2. A code can't use SPSecurity.RunWithElevatedPriviliges
Consider carefully whether elevated permission are really necessary.
3. Logging is unavaliable
To get logging functionality - use a full-trust proxy from patterns and practices SharePoint Guidance Library
4. Configuration settings handling is restricted:
You can't read\write from\to web.config file.
You can't store\retrieve settings from the hierarchical object store and property bag
You can use SPWeb.AllProperties, a list to store settings
5. The deployment any files to the file server is not permitted.
Use a Module element to deploy your files to the content database. Keep in the mind that you still have to specify the type="Ghostable" or "GhostableInLibrary" (SharePoint– Ghostable and GhostableInLibrary)
6. Sandbox worker processes are terminated if they run for more than 30 seconds.
Deploy a workflow action that you access through SPD WF, a timer job , or a service application using a farm solution. This suggestion implies the Hybrid solution ( one is a sandboxed, another is a farm solution with a proxy to serve a sandboxed requests).
Through using Silverlight\ Ajax application a developer will overcome some of the limitations of the Sandboxed solutions such as:
- call an external service;
- access data across the site collection boundaries;
- reach more advanced capabilities of SharePoint (ex. the user profile service)
*The source of inspiration is Designing Solutions for Microsoft SharePoint 2010: Making the right architecture and implementation decisions (Patterns & Practices)