Safety of using DISA

I’m trying to add DISA to my phone system, and so far I have something like this:

[incoming-calls]
exten=>in,1,Playback(welcome)
exten=>in,2,DISA(no-password, local-calls)

[local-calls]
exten=>100,1,Dial(SIP/phone1)
exten=>101,1,Dial(SIP/phone2)

It works fine, but I’ve heard that it’s not a safe solution, so here are my questions:
Why is this not safe? I’m only allowing local calls to be made with DISA, so there shouldn’t be any way to dial out to an external number.
What should I do to make it safer? I don’t want to require any password; everyone who calls me should be able to use DISA.

I can’t see any problems with the way you are using it, although using a voice prompt and waiting for an extension to be dialed works fine as well.

I think the safety thing is that DISA is the number one target for telephone hackers on more traditional PABXes, because most people use DISA to provide toll access to outworkers (and note that not all countries have free local calls), and people use weak passwords.
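An added example, not part of the thread or of Asterisk itself: a small Python audit that walks the context a DISA() call hands callers to and reports anything that could reach beyond a list of known internal devices. The function names, the `internal_devices` allow-list and the simplified line parser are assumptions; it handles plain `exten =>` and `include =>` lines only.

```python
import re

# Constructed sample: the dialplan from the question above.
SAMPLE = """\
[incoming-calls]
exten=>in,1,Playback(welcome)
exten=>in,2,DISA(no-password, local-calls)

[local-calls]
exten=>100,1,Dial(SIP/phone1)
exten=>101,1,Dial(SIP/phone2)
"""

LINE = re.compile(r"exten\s*=>\s*([^,]+),([^,]+),(\w+)\((.*)\)\s*$")

def parse(text):
    """Return {context: {"includes": [...], "steps": [(exten, app, args)]}}."""
    plan, ctx = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop dialplan comments
        if line.startswith("[") and line.endswith("]"):
            ctx = plan.setdefault(line[1:-1], {"includes": [], "steps": []})
        elif ctx is not None and line.startswith("include"):
            ctx["includes"].append(line.split("=>", 1)[1].strip())
        elif ctx is not None and (m := LINE.match(line)):
            ctx["steps"].append((m.group(1).strip(), m.group(3), m.group(4)))
    return plan

def audit_disa(text, internal_devices):
    """List ways a DISA caller could reach something outside internal_devices."""
    plan, findings = parse(text), []
    # Second DISA argument is the context; Asterisk falls back to "disa" if absent.
    todo = [(a.split(",") + [""])[1].strip() or "disa"
            for c in plan.values() for _, app, a in c["steps"] if app == "DISA"]
    seen = set()
    while todo:
        name = todo.pop()
        if name in seen or name not in plan:
            continue
        seen.add(name)
        todo += plan[name]["includes"]  # included contexts are dialable too
        for exten, app, args in plan[name]["steps"]:
            if exten.startswith("_"):
                findings.append(f"{name}: pattern extension {exten}")
            if app in ("Goto", "GotoIf", "Gosub"):
                findings.append(f"{name}: {exten} leaves the context via {app}")
            for dev in args.split(",")[0].split("&") if app == "Dial" else []:
                if dev.strip() not in internal_devices:
                    findings.append(f"{name}: {exten} dials {dev.strip()}")
    return findings
```

Run against the question's dialplan with `{"SIP/phone1", "SIP/phone2"}` as the allow-list, it returns no findings; an `include` of a context with a trunk pattern would be reported.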