Risks of setting noCompressionForHttp10 and noCompressionForProxies to false

It should be safe to set those options.

Looking at the default Apache 2.2 conf in Ubuntu 12.04 (/etc/apache2/mods-available/deflate.conf), it looks like IE 6 had some problems with compression for CSS, RSS and JavaScript.

Also, some really old proxies don't support the 'Vary' header, and would thus send cached, compressed contents to clients who did not indicate compression support in their 'Accept' header.

If your webserver ONLY gets accessed through the CDN, then those two options don't matter at all. If you still allow direct access to your webserver, then, as you said, really old browsers/proxies might have a problem (but users of such ancient products will face a host of other problems...)
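
The stale-cache behaviour described above, as an added example that is not part of the original answer: a toy shared cache in Python, where `origin`, `Proxy` and the sample stylesheet are constructed for the illustration. A cache that ignores `Vary` hands the gzip body it stored for one client to a client that never advertised gzip in `Accept-Encoding`.

```python
import gzip

BODY = b"body { color: #333; }\n" * 20  # constructed sample stylesheet


def origin(request_headers):
    """Origin with compression on: gzip only when the client asked for it."""
    headers = {"Content-Type": "text/css", "Vary": "Accept-Encoding"}
    if "gzip" in request_headers.get("Accept-Encoding", ""):
        headers["Content-Encoding"] = "gzip"
        return headers, gzip.compress(BODY)
    return headers, BODY


class Proxy:
    """Toy shared cache; honors_vary=False models a proxy without Vary support."""

    def __init__(self, honors_vary):
        self.honors_vary = honors_vary
        self.vary = {}    # url -> Vary value last seen from the origin
        self.store = {}   # cache key -> (headers, body)

    def _key(self, url, request_headers):
        vary = self.vary.get(url, "")
        if not self.honors_vary or not vary:
            return (url,)
        names = [n.strip() for n in vary.split(",")]
        return (url,) + tuple(request_headers.get(n, "") for n in names)

    def fetch(self, url, request_headers):
        key = self._key(url, request_headers)
        if key not in self.store:
            headers, body = origin(request_headers)
            self.vary[url] = headers.get("Vary", "")
            key = self._key(url, request_headers)  # recompute now Vary is known
            self.store[key] = (headers, body)
        return self.store[key]


def legacy_client_gets_readable_body(proxy):
    url = "/site.css"
    proxy.fetch(url, {"Accept-Encoding": "gzip"})  # modern client warms the cache
    headers, body = proxy.fetch(url, {})           # client without gzip support
    return "Content-Encoding" not in headers and body == BODY


if __name__ == "__main__":
    print("Vary-aware proxy:", legacy_client_gets_readable_body(Proxy(True)))
    print("Vary-blind proxy:", legacy_client_gets_readable_body(Proxy(False)))
```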