One method is not safer than the other just based on OS or Database server security. It all depends on your security settings for both SQL Server and OS. I would keep my images on a network drive that has been dedicated to just that, images. Keep the partial path of the file. Do not store the IP address/servername in the file path because it will eventually have to be moved and then you will have to change all records in the database to reflect this change.
As far as "safe", this depends on what you are referring to as safe. I am having to put files inside of a database right now simply because the customers network settings vary so much that keeping this rather small files in the OS would keep some users from viewing the files. With this I know that I am affecting every other user of the SQL Server, but there is no other work around for this.
Remember that PDF files are read onlyu anyway, so users will not be able to edit them that easily. You can create a share on a server that keeps your files and allow users specific access to the share.