first of all, GPU passtrough in general is only to be used on a system with more then one GPU. This could be two PCIe-GPUs or an IGPU and a PCIe-GPU. For the reasons you already mentioned, it is in general not possible to use GPU passthrough on a system with only one GPU. This however, is both not a Whonix problem and in general not a real problem, as it is the only way to use a GPU in a virtualized machine.
Regarding security implications, there isn't really much I can say here, as this isn't really a Whonix, but more a KVM specific question. There really isn't any documentation (at least I didn't find any) which focuses on the security of GPU passthrough or PCIe in general...
Have a nice day,