Web views are containers for regular web pages, and as such have very similar considerations for security.
There is always the risk of a security flaw being found that would allow an attacker to execute malicious code within a web view.
WebView webView = someView.findViewById(R.id.some_web_view);
// Only do this if you absolutely need it!
Use libraries such as OWASP's ESAPI to sanitize any input or output from the web view, and ensure that the user cannot directly control any data that is shared between the app and the web view.