Q: 1.) Is this browser compatible?
Yes, for all browsers supporting jQuery data(). jQuery is generally supported by most modern browsers.
Q: 2) Are there any security concern to be aware of as compared to using wp_localize_script?
wp_localize_script() is mainly doing the same but it’s keeping the data on the serverside and not within the DOM.
As always, making use of javascript and interacting with the DOM has security implications. You need to follow the rules to properly en- and de-code any arbitrary data safely so that injections can not introduce unintended behaviour.