Security audits don’t eliminate risks completely so it’s still possible a vulnerability be found in Plenty's smart contracts.
On top of the Plenty smart contracts themselves, whenever you join a pool, you’re also accepting systemic risks from the coins in the pool. For example, if you do not want to have exposure to Ctez, then you cannot join a pool that has it.
On top of its audits, Plenty smart contracts have held several millions for almost a year and it goes without saying that hackers would have already unsuccessfully tried numerous times to steal those funds.
Due to the liquidity pool mechanism, if one of the coin in a pool were to significantly lose its peg, the liquidity providers would hold almost all of their liquidity in that currency.