Meta XR headsets are very cheap for the performance they give. Unfortunately they require a Meta account and one can assume as much data as legally possibly is sent back to the advertising company.
For years now, since the Quest 1, those Android devices have not been rooted except for some specific version number of the Quest 2.
This recent work https://github.com/FreeXR/eureka_panther-adreno-gpu-exploit-1 makes the latest headset with a rather recent update (but NOT the very last ones, so be cautious!) rootable.
It is indeed a risk AND you must pin your current OS version, so no new update including no new feature (not sure which one one would need for now though) but more importantly no security updates.
That being said… if you do not actively try to mess it up, i.e. doing precisely what has been warned against NOT doing, it should be safe.
In doubt, if you can’t afford another headset, have no actual need for rooting and have never done that before, definitely safer to wait.