As long as you don't set "Disable Safety Check" to "Yes" on the element, we let J! run the standard file checks on it - the input filter's isSafeFile() which checks for stuff like PHP tags, makes sure it's an image if it uses an image extension, and a few other things.
There isn't really any way to check for doc vs executable, as there's no reliable way across architectures to definitively tell the difference from PHP, they are both just binary files which have no real consistent identifying characteristics. But as long as your umask is correct on the server, so you aren't setting newly created files as executable (it would be extremely weird if this was happening) that shouldn't be an issue. They might be able to upload an exe disguised as a doc, but the server would never allow it to be executed.
So I guess the bottom line is that Fabrik's uploading is no more or less safe than any other uploading in Joomla.
-- hugh