http://www.perlmonks.org?node_id=512702


in reply to Site Search perlscript and security

To be totally honest with you, I wouldn't allow users to use full-blown regexp search (even if they don't know explicitly about it) because it's overkill in my opinion.

One of the other concerns could be sending the regexp engine into a never-ending loop with a malicious regexp. It can be done, and that's an attack vector for a (D)DoS.
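
One way to implement the literal-only search this reply argues for, as an added example that is not part of the original post: the query is escaped with `quotemeta`, so the regexp engine never sees user-supplied syntax. The sample pages, the `literal_search` helper and the length limit are assumptions made for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical limit for this example; tune it for the site.
my $MAX_QUERY_LEN = 64;

# Constructed sample documents standing in for the site's pages.
my %pages = (
    'faq.html'     => 'Our examples cover C++ and Perl.',
    'install.html' => 'Run perl Makefile.PL, then make && make test.',
    'price.html'   => 'The basic plan costs $5.00 per month.',
);

# Return the names of pages that contain the query as a literal,
# case-insensitive substring. The user never controls pattern syntax:
# quotemeta escapes every regexp metacharacter in the query.
sub literal_search {
    my ($query, $docs) = @_;
    return () unless defined $query;
    $query =~ s/^\s+|\s+$//g;                   # trim surrounding whitespace
    return () if $query eq '' or length($query) > $MAX_QUERY_LEN;

    my $safe = quotemeta $query;                # same effect as \Q...\E
    my $re   = qr/$safe/i;
    my @hits = grep { $docs->{$_} =~ $re } keys %$docs;
    return sort @hits;
}

# Each query holds characters that would be regexp syntax if interpolated raw
# ('C++' would not even compile as a pattern); the last one exceeds the cap.
for my $q ('C++', '$5.00', 'make && make', '.*', 'x' x 200) {
    my @hits  = literal_search($q, \%pages);
    my $shown = length($q) > 20 ? substr($q, 0, 20) . '...' : $q;
    printf "%-24s => %s\n", $shown, @hits ? join(', ', @hits) : '(no match)';
}
```

Because the compiled pattern is a fixed string, matching time depends only on the page text and the capped query length, not on any structure a user can put into the query.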