I don’t think that there is much risk of an Android app running in Anbox getting unauthorized access your Linux files. Also everything is free software (LXC, Anbox, AOSP) except for the proprietary Android app you are running, so it is auditable and people who write malware for Android apps aren’t expecting people to be running Android inside a Linux container, so they aren’t writing malware for that.
The greater problem is that most people will give Anbox internet access and the Android app they install will send their personal data to Google, Microsoft, Facebook, Amazon, etc.
The other problem that I see is that we are creating less incentive for people to work on creating a Linux solution to the problem. To use my TTS problem as an example, there is less of a chance that smart programmers are going to work on good TTS support in Linux as long as everyone can use proprietary TTS through Anbox.