I believe this will be needed in the medium to long term, to add another revenue stream to Anchor’s idle reserves, risks (if we ignore the obvious smart contract risks) could be divided into own protocol attacks and other protocols attacks.
If we do allow for flash loans, one of the easiest way to protect Anchor from a recursive attack would be to make sure that after a flash loan that address could not interact with any other Anchor smart contract within the same block, therefore kiling any avenue for recursiveness. There’s also the potential issue of the funds being used to drive prices down on collateral and being used to drive liquidations and purchase of the collateral at a discount, but with the 10 min activation window on bids it would require more than a flash loan to pull this off.
As for the risk of it being used to attack some other protocol, there’s nothing we could do imo.
I’m no expert but this is my current thoughts on the matter.