The only problem I see is one thing. Once you have the access token you can access all resources in all projects.
But besides that, you only breach/change your own account.
I mean, keep in mind the GKE cluster does not use NetworkPolicy or other stuff to secure their cluster, too.
Exposing the etcd key via the metadata service and then having etcd visible on the Internet is bad.
This means that a single SSRF or RCE bug in any application running on a cluster using this approach can be trivially escalated to full cluster compromise.