Using MySQL on the server is not unsafe (providing you are aware of standard pitfalls like SQL injection).
As described above an HTTP API is an inferior approach. Performing the API functionality in Unreal will result in better performance, add no additional network attack surface, and make it easier to validate cheating.