The implications are just what you think they are, and that’s why nobody who cares about security should use Homebrew for anything serious, or at all.
Installing Homebrew as recommended means that from then on, any
process or application you launch can write anything it wants into the
first directory that gets searched for command line binaries, change
its mode to execute and give it the same name as a system binary. It
will then run instead of the system binary whenever you type the
program with the same name in the command line (unless you type the
full path to it). The potential for exploitation is vast. Few people
if any ever type the full path to workaday binaries like ls, find,
cat, sudo and many others. And as shown in my example, any of these
could be hijacked to perform different operations thanks to the way
Homebrew is installed. This can be done and cleaned up in such a way
that you’d never know it had happened.
how Homebrew invites users to get pwned (applehelpwriter.com)
Homebrew makes several questionable design decisions, but one of these
deserves its own section: the choice to explicitly eschew root (in
fact, it will refuse to work at all if run this way). This
fundamentally is a very bad idea: package managers that install
software for all users of your computer, as Homebrew does by default,
should always require elevated privileges to function correctly. This
decision has important consequences for both security and usability,
especially with the advent of System Integrity Protection in OS X El
Capitan.
Thoughts on macOS Package Managers (saagarjha.com)
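
A defensive check for the situation both quotes describe, added here as an example and not taken from either article: it walks a PATH string in order and reports every executable that sits in a directory the current user can write to and has the same name as a command in a later PATH directory. The function name `shadowed_commands` and the output format are assumptions of this example.

```shell
#!/bin/sh
# Added example: list commands in user-writable PATH directories that
# shadow a same-named command found later in PATH.

# shadowed_commands PATH_STRING
# Prints one line per finding: "<writable_dir>/<name> shadows <later_dir>/<name>"
shadowed_commands() {
    rest=$1
    while [ -n "$rest" ]; do
        # Take the first directory off the list; keep the remainder as "later".
        dir=${rest%%:*}
        case $rest in
            *:*) rest=${rest#*:} ;;
            *)   rest="" ;;
        esac
        # Only a directory the current user can write to lets an unprivileged
        # process drop a replacement binary without asking for a password.
        [ -d "$dir" ] && [ -w "$dir" ] || continue
        for candidate in "$dir"/*; do
            [ -f "$candidate" ] && [ -x "$candidate" ] || continue
            name=${candidate##*/}
            old_ifs=$IFS
            IFS=:
            for later in $rest; do
                # A same-named executable further down PATH is what the
                # shell would have run if this directory came later.
                if [ -x "$later/$name" ] && [ ! -d "$later/$name" ]; then
                    printf '%s shadows %s\n' "$candidate" "$later/$name"
                    break
                fi
            done
            IFS=$old_ifs
        done
    done
    return 0
}

# Audit the PATH string given as the first argument, or the current PATH.
shadowed_commands "${1:-$PATH}"
```

Any line of output is worth comparing against what the package manager is known to have installed. When run as root every directory counts as writable, so run it as the everyday user account.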