The amavis filter was previously allowing this override so all this really changes is applying the rule at a different level. I was also worried about it making my server an open relay but I've got a membership at dnsstuff.com so ran their domain checking tool which includes a check for open relays. It passed that test so I'm fairly sure it isn't going to cause a problem.
As for being more susceptible to spam, if you're using catch-alls then that can always be a problem as you're not narrowing down the list of valid recipients to a fixed list. Anything sent to any email at your domain will be routed. If you're just using forwardings then you're still restricting the list. One thing I haven't tested is using this without catchalls set up - I'm guessing that in this case it would be rejected earlier in the postfix processing since it wouldn't be able to find a valid mailbox to route to the mail to.
The reason this change was necessary is that postfix will look at all the rules you have set up to try and route an email. From memory, I think it first tries exact addresses and if there is no match then looks at the forwarders. If a matching forwarder is found then it needs to change the recipient address from the forwarded address to the real address so that maildrop knows where to route it. If we don't have this rule then the address isn't rewritten and maildrop gets passed an email that it doesn't know which mailbox to route to.
I know what you mean about the postfix docs as well. I did a lot of reading when I was trying to find out why forwarding wasn't working and it was only after a lot of searching and trial and error that I finally found this solution.