docs: add warning in 'to_sql'

Author: gmcrocetti

pandas/io/sql.py

@@ -750,6 +750,11 @@ def to_sql(
     """
     Write records stored in a DataFrame to a SQL database.
 
+    .. warning::
+
+        This method can run arbitrary code which can make you vulnerable to code
+        injection if you pass user input to the `name` argument.
+
     Parameters
     ----------
     frame : DataFrame, Series