Can see future issues with a moodle installed inside another moodle code base. Each moodle has it's own code directory, DB, and moodledata directory.
1. backups - making an archive of contents of public_html will include both sites/code directories if not careful. So if one had to do a full site restore from a backup, one would have to be careful not to also restore the code base of the moodle (sandbox) contained therein.
2. updates and upgrades to the code that sits at public_html ... special considerations to keep 'sandbox' code in place. Plus confusion in first step of updating or upgrading ... copying out/keeping the original config.php file + any addons being copied back into new code base acquired from the updated or upgraded code.
Read Moodle docs on how to upgrade:
and how to create site backups:
If you've not gone to far in developing the initial moodle, consider the following:
@ root of public_html, a static index.html page that has links to production site: now in a subdirectory called whatever you like and to the 'sandbox' directory ... your development/test instance.
Why? In today's internet, everything is scanned by those that might try to do harm to your sites. While providers should have WAP firewalls to help protect, one can avoid such scans ... most bots really don't know the organization of your site ... they point to your top level domain ... ie, whatever is in public_html ... they won't get much to attack with a static index.html page.
My 2 cents, of course!