While Shrek 2 is an overall insecure game, you will rarely ever be maliciously attacked via Shrek 2. Despite this, it is important to understand what can and cannot harm your computer when installing any sort of modifications for Shrek 2.
Unfortunately, Shrek 2 features two potential RCE (remote code execution) exploits, which can allow an attacker to run any code on your computer. Fortunately, the two methods by which a hacker may attempt to use these exploits are very easy to catch.
Method 1 involves adding a new .exe to the game's System folder. The .exe will be named GSpyLite.exe, and if you are adding that to your game's directory, this may mean that whatever modification you're about to run is going to run its own external code. This is not necessarily a security risk in and of itself if you trust the creator of the modification you've installed. If you do not trust the creator, you can safely remove GSpyLite.exe with no further issues. This is the most common RCE.
Similar to method 1, method 2 involves directly replacing a file in the game's System folder, typically game.exe or, rarely, a .dll file. If you do not trust the modification author, do not replace the stock game files with the modification's modified ones.
The exploits mentioned above are easily the most important to know about, but here's a general list of subtle vulnerabilities that some may try to use in order to attack you in some way or another. Any modification that involves adding a .u file into your game's System directory or adding a .unr file into your game's map directory has the risk of:
Creating potentially malicious files that strictly contain text. These sorts of files will likely be simple executable files, such as batch files (.bat) or PowerShell scripts (.ps1). While a modification can create these files, you are at no risk unless you run the file manually. Do not run any new file that is created unless you trust the modification creator.
Corrupting your game's directory. A modification can do this by overwriting each stock file individually so that the file contains only " ", thereby irreparably destroying the game's directory. There's nothing you can do to prevent this, but you can make backups of your game's directory. As a reminder, this particular malicious behavior is limited to the game's directory. No UnrealScript modification is capable of modifying files outside of the game's directory without using the two easy-to-spot RCEs listed above.
Potentially showing your clipboard in the game (what you've last copied), which can very rarely result in leaked passwords or other personal information. You can prevent this by making sure your clipboard is empty before running the game.
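The checks described above (a new GSpyLite.exe, a replaced game.exe or .dll, newly created .bat or .ps1 files, and overwritten stock files) can be automated by hashing the game directory before and after installing a modification. The following is an added example, not part of the original page; the function names and the sample files built in demo() are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

BINARY = {".exe", ".dll"}  # file types involved in methods 1 and 2
SCRIPT = {".bat", ".ps1"}  # text-only files a .u/.unr mod could create

def snapshot(game_dir):
    """Map each file's lowercased relative path to its SHA-256 digest."""
    root = Path(game_dir)
    return {p.relative_to(root).as_posix().lower():
            hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def audit(before, after):
    """Compare two snapshots; return sorted (path, finding) pairs."""
    findings = []
    for path, digest in after.items():
        ext = Path(path).suffix
        if path not in before:
            if Path(path).name == "gspylite.exe":
                findings.append((path, "GSpyLite.exe added (method 1)"))
            elif ext in BINARY:
                findings.append((path, "new executable or DLL"))
            elif ext in SCRIPT:
                findings.append((path, "new script, do not run it"))
        elif before[path] != digest:
            kind = "binary replaced (method 2)" if ext in BINARY else "file changed"
            findings.append((path, "stock " + kind))
    findings += [(p, "stock file missing") for p in before if p not in after]
    return sorted(findings)

def demo():
    """Run the audit on a constructed game directory (sample data only)."""
    with tempfile.TemporaryDirectory() as tmp:
        system = Path(tmp, "System")
        system.mkdir()
        (system / "game.exe").write_bytes(b"stock binary")
        (system / "example.ini").write_text("[Engine]\n")
        baseline = snapshot(tmp)  # taken before installing the mod
        (system / "GSpyLite.exe").write_bytes(b"mod-supplied binary")
        (system / "game.exe").write_bytes(b"patched binary")
        (system / "run_me.bat").write_text("@echo off\n")
        (system / "example.ini").write_text(" ")  # corrupted stock file
        return audit(baseline, snapshot(tmp))

if __name__ == "__main__":
    for path, finding in demo():
        print(f"{path}: {finding}")
```

For real use, call snapshot() on a backup copy of the game directory and again on the modified installation, then pass both results to audit().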