What could be the risks of adding `Defaults secure_path="/home/username"` to `/etc/sudoers`?
The `secure_path` value, if set, will be used as `PATH` environment variable for the commands you run using `sudo`.
That means, when you run e.g. `sudo apt update`, the system will try to look up the command `apt` in the directories specified in the `secure_path`, in the specified order.
Now if you add a directory to which non-root users have write access to the `secure_path`, you can do it in two positions:
- append to the end of the `secure_path` list, with least priority
- insert at the beginning or in the middle of the `secure_path` list, with higher priority.
Appending to the end is almost safe as it will not change how existing commands will be resolved, it just allows executables from a different directory to be executed without explicitly specifying their location as well. The fact that this additional directory is writeable for non-root users allows them to put malicious files in there without elevated privileges though, so you have to be careful when typing any command that is located there (willingly or by mistyping something else).
However, if you put your directory not as last element but with higher priority, the contents of that directory will shadow and override those from the locations that come after it in `secure_path`. For example, if you put your user directory first and it contains a (malicious?) executable named `apt`, the next time you run `sudo apt update` you will get a surprise...
I would also never directly add the home directory to any `PATH` or `secure_path`, but instead create a dedicated directory, e.g. `/home/USERNAME/bin` for that, which only contains the executables I want to have on my `PATH` and nothing else.
Conclusion:
You should not put any directories into `secure_path` if they are writeable for anyone except the root user. Otherwise normal users without elevated privileges (including malware or attackers compromising such an account) can put their own executables there and wait for anybody with `sudo` rights to accidentally (use common misspellings of frequently used commands as file names) or willingly execute it.
If you really want to do so though, try to restrict write permissions to that directory as tightly as possible, and make sure that you add the directory as last element of `secure_path` to prevent anything in there shadowing system executables.
Alternatives
However, the safe way would still remain to just always type out the full path to the executables outside the default `secure_path` if you want to run them with `sudo`.
You could also use a command-substitution with `which` to get the full path of something in your user's `PATH`, like
sudo $(which MY_EXECUTABLE) ARGUMENTS
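
The check described in the conclusion above can be automated. The following is an added example, not part of the original answer: it takes a `secure_path` value, flags every directory that someone other than root could write to, and reports which executables in later directories that directory currently shadows. The function names, the `trusted_uid` parameter and the sample path are assumptions made for illustration.

```python
import os
import stat

def writable_by_untrusted(path, trusted_uid=0):
    """True if anyone other than trusted_uid could create files in path.
    Conservative: any group or other write bit counts, whatever the group."""
    st = os.stat(path)
    loose_mode = bool(st.st_mode & (stat.S_IWGRP | stat.S_IWOTH))
    return st.st_uid != trusted_uid or loose_mode

def executables(path):
    """Names of regular files in path that have any execute bit set."""
    names = set()
    for entry in os.scandir(path):
        if entry.is_file() and entry.stat().st_mode & 0o111:
            names.add(entry.name)
    return names

def audit_secure_path(secure_path, trusted_uid=0):
    """Return one finding per risky directory in a secure_path value."""
    dirs = [d for d in secure_path.split(":") if d]
    findings = []
    for i, d in enumerate(dirs):
        # Missing directories are skipped in this narrow example.
        if not os.path.isdir(d) or not writable_by_untrusted(d, trusted_uid):
            continue
        # Everything resolved from later entries can be overridden from d.
        later = set()
        for other in dirs[i + 1:]:
            if os.path.isdir(other):
                later |= executables(other)
        findings.append({
            "dir": d,
            "position": i,
            "is_last": i == len(dirs) - 1,
            "shadows_now": sorted(executables(d) & later),
            "can_shadow": len(later),
        })
    return findings

if __name__ == "__main__":
    # Constructed sample value; substitute the secure_path from your sudoers.
    sample = ("/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:"
              "/sbin:/bin:/home/USERNAME/bin")
    for finding in audit_secure_path(sample):
        print(finding)
```

A directory reported with `is_last` false and a non-zero `can_shadow` is the dangerous placement the answer warns about; any name listed in `shadows_now` is already overriding a command from a later directory.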