Is it safe to publish to IPFS when deploying in Remix?

Could hackers use the metadata?

Should I redeploy the contract?

Since smart contracts cannot be changed it seems like a bad idea to let people see the source code/meta data despite mine being imported from OpenZeppelin.