You'd of course do it inside a controlled environment, via virtualization or similar technologies which let you monitor, veto, or roll-back anything the analyzed program does. (And if it's malicious/sneaky enough to escape that, then it wasn't safe to use in a manual fashion, either.)