for most use cases it doesn't matter because you trust everyone who can connect to the redis server. however, it was possible to CSRF against dev's boxes and some people offer cloud redis and might not properly isolate the redis instances. probably most DBs that offer scripting languages are vulnerable to RCE.