Is it safe to use SQL to INSERT new rows directly into the table currency_currency_rate without going through the UI?
Alternatively, can this be done through the REST API?
No because you skip all the data validation.
You can use JSON-RPC or XML-RPC. You can also use proteus as facility.
But it is probably better to make a module like the currency_* to automate the fetch from the source.