It depends on how you expore your InfluxDB. When you add a data source to InfluxDB via the proxy mode you give all your inflxudb users full acess to InfluxDB (with the influxdb user you used, so all the permissions you have given that user in influxdb). So you use use a InfluxDB user with admin permissions user then yes any user could do some destructive things-
The main thing to think about is that even if you expose just one dashboard the InfluxDB is going to be accessable, so any user who know http can issue any query as Grafanas data source proxy will allow the requests if the user can authenticate with Grafana.