There is another pitfall where a manually-created whonix-ws-based VM will inherit the default dispvm of the system (System Tools > Qubes Global Settings). This could potentially be a clearnet VM, which can then leak the IP if the whonix-ws-based VM is compromised (e.g. it can open an HTML page in a clearnet browser that fetches a third-party resource).
It’s a non-issue for the Salt method - in fact, I believe this was one of the pitfalls that motivated automating the setup in Salt in the first place (the other being application of the anon-vm tag).
It’s also a non-issue if you’re simply re-using the existing sys-whonix, anon-whonix, of course.
It’s an issue for manual creation, though.
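
One way to audit for the inherited-dispvm pitfall described above, as an added example that is not part of the original post: a dom0 script that lists every whonix-ws-based qube and flags those whose `default_dispvm` has a netvm other than the Tor gateway. It assumes workstation templates are named `whonix-ws*` or `whonix-workstation*` and that the gateway is `sys-whonix`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). Run in dom0.
# Assumptions: Whonix workstation templates are named whonix-ws* or
# whonix-workstation*, and the Tor gateway qube is sys-whonix.

# Thin wrappers around the Qubes CLI so the check can be fed constructed data.
list_qubes() { qvm-ls --raw-list; }
get_pref()   { qvm-prefs "$1" "$2" 2>/dev/null; }

is_whonix_ws() {
    case "$1" in whonix-ws*|whonix-workstation*) return 0 ;; esac
    return 1
}

# Prints one line per whonix-ws-based qube: OK or FLAG plus the evidence.
audit_default_dispvm() {
    gateway="${1:-sys-whonix}"
    list_qubes | while read -r vm; do
        # Templates and standalones have no "template" property: skip them.
        tpl=$(get_pref "$vm" template) || continue
        is_whonix_ws "$tpl" || continue
        dvm=$(get_pref "$vm" default_dispvm) || dvm=""
        if [ -z "$dvm" ]; then
            echo "OK $vm default_dispvm=none"
            continue
        fi
        net=$(get_pref "$dvm" netvm) || net=""
        # A disposable with no netvm cannot reach the network; any netvm
        # other than the Tor gateway is a clearnet path.
        if [ -z "$net" ] || [ "$net" = "$gateway" ]; then
            echo "OK $vm default_dispvm=$dvm netvm=${net:-none}"
        else
            echo "FLAG $vm default_dispvm=$dvm netvm=$net"
        fi
    done
}

# Only run automatically where the Qubes tools exist (dom0).
if command -v qvm-ls >/dev/null 2>&1; then
    audit_default_dispvm "$@"
fi
```

A flagged qube can be corrected by pointing its `default_dispvm` property at a Whonix-based disposable template with `qvm-prefs`.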