What are the security implications of using developer options?
You have to enter the owner user pass/PIN when enabling Developer options.
If they are enabled its possible for anyone who manages to get hold of the unlocked device to use adb which provides highly privileged access.
In general Developer options are not meant for general usage. They are meant for developers testing devices or apps. They may make unexpected holes in the AOSP security model.
They can also cause unexpected breakages. The GrapheneOS team has encountered a few cases over the years where users phones broke and it took a lot of effort before it was discovered that it was down to users changing things in Developer options. For example a number of users devices became completely unresponsive to screen input after an update. It turned out they had all changed the Display cutout in Developer options to one particular option. It took quite some time to find and fix the problem and then send out a new update which fixed the issue for them.
Same for changing things via adb, people messing with magisk or similar, disabling system apps and changing permissions of system apps.
It is advised not to do these things!! Some are terrible for security and all of them can cause unexpected breakages that can be very hard to diagnose!
If you do them and your device starts misbehaving they are a very good place to start looking. Also if you reach out for help it can save A LOT of time for everyone if you let people know that such changes have been made.