It can be either your best friend or your worst nightmare. Which side of the fence it falls on depends completely on how you manage it.
Normally Terraform will refresh the state when you run Terraform Plan, by comparing real-world resources with what is currently in state.
How to secure your Terraform state data
You should apply the principle of least privilege, and a state file that is used to manage resources across multiple workload teams can be a security risk, so you should keep your configurations modular, which will lead to smaller and easier to secure state files.