Bandwith and CPU resources aside, there's no real problem with it.
If you wish to add authentication in front of acme-dns, you could for example use a reverse Nginx proxy and set up basic authentication in it. That will require slight modifications to the hook script however.
Firewall rules are probably the best way to restrict the API access, if you control a somewhat static set of potential clients.