Yes, using Firebase Remote Config for managing critical data like SSL pinning and Base URLs poses a risk unless combined with additional validation, security practices, and fallback mechanisms.

Requires Additional Validation: To be safe, you must implement proper validation and security practices when using Remote Config for these sensitive configurations.

Fallbacks Are Necessary: Always have fallback mechanisms in place in case the remote config is compromised.

Safer Alternative for High-Security Apps: For apps with high-security requirements, embedding the public key or certificate directly in the app binary is a safer approach, as it avoids the risk of remote tampering.