there is practically no attack vector in using infura.
Infura can't fake your can't fake your cryptographic signature. Worst case, they censor txs from your address at which point you can run your own node.
I'm not even talking about an attack vector. I'm talking about a centralized system that is recommended by other developers when Ethereum keeps on making claims of moving forward centralized systems.