FUSE should be slightly safer by running the filesystem in userspace; it will be significantly slower than unprivileged overlay though.
There are no security concerns that I’m aware of with exposing /dev/fuse to the container; FUSE has been properly namespaced for a while now and we expose it by default to all LXD containers.