I had to write a microservice at work serving the API on one port and the Prometheus metrics on a different port. I did exactly as you did. It's been running for five years now. So far I have not noticed any security problems.
There is one thing I didn't consider five years ago. If Kubernetes closes the pod, then I should clean up before closing. And I'm not doing that. As a suggestion, I would suggest looking at “Respond to Ctrl+C interrupt signals gracefully” by Mat Ryer.
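The shutdown step the comment above says it is missing, as an added Go example that is not the commenter's code or Mat Ryer's: two `http.Server` instances on separate ports (API and metrics), both drained when the process receives SIGTERM from the kubelet or Ctrl+C locally. The port numbers, handler paths and grace period are assumptions chosen for illustration.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net/http"
	"os"
	"os/signal"
	"syscall"
	"time"
)

// Service holds both listeners so one shutdown path can drain them together.
// Keeping metrics on its own port lets a cluster Service/NetworkPolicy expose
// it only to the scraper, never to API clients.
type Service struct {
	API     *http.Server
	Metrics *http.Server
}

// NewService wires minimal handlers; addresses are assumed values.
func NewService(apiAddr, metricsAddr string) *Service {
	api := http.NewServeMux()
	api.HandleFunc("/healthz", func(w http.ResponseWriter, _ *http.Request) { fmt.Fprint(w, "ok") })
	metrics := http.NewServeMux()
	metrics.HandleFunc("/metrics", func(w http.ResponseWriter, _ *http.Request) { fmt.Fprint(w, "# placeholder\n") })
	return &Service{
		API:     &http.Server{Addr: apiAddr, Handler: api, ReadHeaderTimeout: 5 * time.Second},
		Metrics: &http.Server{Addr: metricsAddr, Handler: metrics, ReadHeaderTimeout: 5 * time.Second},
	}
}

// Run serves both ports until ctx is cancelled, then gives in-flight requests
// up to grace to finish before returning. A failed listener aborts early.
func (s *Service) Run(ctx context.Context, grace time.Duration) error {
	errCh := make(chan error, 2)
	for _, srv := range []*http.Server{s.API, s.Metrics} {
		go func(srv *http.Server) {
			if err := srv.ListenAndServe(); !errors.Is(err, http.ErrServerClosed) {
				errCh <- err // e.g. port already in use
			}
		}(srv)
	}
	select {
	case err := <-errCh:
		return err
	case <-ctx.Done():
	}
	shutdownCtx, cancel := context.WithTimeout(context.Background(), grace)
	defer cancel()
	if err := s.API.Shutdown(shutdownCtx); err != nil {
		return err
	}
	return s.Metrics.Shutdown(shutdownCtx)
}

func main() {
	// SIGTERM is what the kubelet sends before the pod's grace period expires.
	ctx, stop := signal.NotifyContext(context.Background(), os.Interrupt, syscall.SIGTERM)
	defer stop()
	if err := NewService(":8080", ":9090").Run(ctx, 10*time.Second); err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
}
```

Keep the grace value below the pod's `terminationGracePeriodSeconds`, otherwise the kubelet sends SIGKILL while requests are still draining.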