PHQL Model::findFirstByX($x) SQL Injection

Hello I'd just like a confirmation on that if when I use Model::findFirstByEmail($email) for example, that the statement is somehow (binding) protected against SQL injection from $email or should I use something else.

yes, phalcon binds param internally.

you can see it here in zephir: lines start 4091 to 4097