Global GCE instances within your project, yes. Not every GCE instance everywhere, that would not be very helpful :)
If you wanted to have some instances that couldn't talk to your database, easiest thing to do is probably throw them in a separate project or create a new subnet that you firewall off and create your non-App Engine instances in that subnet.
If you wanted to have some instances that couldn't talk to your database, easiest thing to do is probably throw them in a separate project or create a new subnet that you firewall off and create your non-App Engine instances in that subnet.