Modifying the editor role by adding new capabilities will grant users editor capabilities plus these new capabilities. As long as you’re comfortable with that level of access, there aren’t additional security concerns.
If you want to create a new role which is what I recommend for this scenario, you can craft the capabilities according to your needs and only grant the capabilities you want these users to have.
The only concerns I would have with updates is if the core WordPress editor role were to change in the future.