Requesting URLs such as `file:///etc/passwd` would result in viewing the contents of arbitrary files upon the host. A common security problem I've discussed in the past:
api2pdf is a wrapper for wkhtmltopdf and headless chrome, so whichever options are available for those services, would be available through the API. For 10,000 PDFs in one month, printfriendly costs over $200 and api2pdf costs a couple of bucks.