When you talk about "secure", are you worried about secure transmission between AML and ADF, or secure storage of your DB query information?
For the former, all communication between these two services will be done with HTTPS. For the latter, our production storage has its strict access control. Besides, we only log the count of the global parameters and never the values. I believe it's secure to pass your DB query as a global parameter to the AzureML web service.