Are the queries themselves displayed or are the results displayed? If the results of those queries are being output onto your homepage it’s a potential security vulnerability.
The query returns user data including username and password hash for user ID 1 of the wp_users table, which is the administrator user that WordPress creates when first installing.
I recommend changing the administrator’s password and removing the code from the homepage, and checking other template files for similar code.
Also its generally a bad practice to run SQL queries in theme files, as there are built-in functions in WordPress for accessing user data.