sappy_junior728 Are there any privacy and security concerns if I get a used Google Pixel device and flash it to GrapheneOS?
None that I can think of.
sappy_junior728 Is there any chance there could be malware or viruses that could linger even after a factory reset and then flashing to GrapheneOS?
Extremely unlikely, especially with a used Pixel that is running the latest up-to-date Stock PixelOS. It is recommended to update to the latest Stock PixelOS but isn't absolutely necessary.
It's best practice to update the device before installing GrapheneOS to have the latest firmware for connecting the device to the computer and performing the early flashing process. Either way, GrapheneOS flashes the latest firmware early in the installation process.
Source: https://grapheneos.org/install/web#prerequisites
sappy_junior728 Is there any chance previous data could get mingled with GrapheneOS?
No. I'd suggest reading the GrapheneOS Web-install documentation. Data is wiped multiple times during the process.
Unlocking the bootloader will wipe all data
Flashing factory images replaces the OS and wipes the data
The initial install will be performed by flashing the factory images. This will replace the existing OS installation and wipe all the existing data.
Locking the bootloader wipes the data again.