It’s fine so long as security.privileged isn’t also set to true.
For unprivileged container the setting just loosens an additional AppArmor safety net (primary security mechanism is the user namespace) and it passes clear copies of procfs and sysfs to avoid issues with over mounting.