Perfectly secure, and it might even confuse people that just ping everything to check for people with stuff open, if they have a device with that IP and it responds.
Yeah, that makes sense. I can only ping it if I'm on my LAN or WireGuard tunnel. No ports are open and it's just used to resolve the domain names.
I've been using it for years... it's perfectly fine.
It'll be fine. One thing to be aware of is that some ISP routers will have DNS rebinding protection enabled that will block resolution of the entry (or of any private IP as per RFC 1918).
Not only ISP routers but also e.g. the Google Wifi home router or any router running vanilla OpenWrt...
I've struggled with this so many times. Really frustrating and can be pretty hard to debug.
Home environment? Fine. Enterprise environment? Absolutely not
Why not in an enterprise environment?
Your internal caching DNS server should be configured to reject answers from public DNS servers with RFC 1918 space in them, due to the risk of DNS rebinding attacks: https://en.m.wikipedia.org/wiki/DNS_rebinding.
You can configure your DNS server to make an exception for your domain though, because you trust your own domain not to be hosting malware.
So yes, this is a perfectly valid configuration but the fact that this works out of the box means that your home network is not protected against DNS rebinding attacks.
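The check described in this comment, and the router-side "rebinding protection" that the earlier reply says blocks the entry, are the same policy: strip RFC 1918 addresses out of answers that arrive from public upstream servers, unless the name belongs to a zone you have explicitly trusted. The following is an added example, not code from any commenter or from a real resolver, showing that policy as a small filter. The zone `home.example.com`, the names `attacker.example` and `nas.home.example.com`, and the addresses in the sample are constructed for the illustration.

```python
"""Rebinding filter for upstream DNS answers (added example, not from the thread)."""
import ipaddress
from dataclasses import dataclass, field
from typing import Iterable, List

# RFC 1918 private IPv4 space. Loopback, link-local and IPv6 ULA are not part of
# RFC 1918; real resolvers usually filter those too, but this example sticks to
# what the thread discusses.
RFC1918_NETS = (
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
)


def is_rfc1918(addr: str) -> bool:
    """True if addr is an IPv4 address inside an RFC 1918 range.

    Raises ValueError for strings that are not IP addresses at all.
    """
    ip = ipaddress.ip_address(addr)
    return ip.version == 4 and any(ip in net for net in RFC1918_NETS)


def in_trusted_zone(name: str, trusted_zones: Iterable[str]) -> bool:
    """True if name equals, or lies under, one of the trusted zones.

    The leading dot in the suffix check keeps 'evilhome.example.com' from
    matching the zone 'home.example.com'.
    """
    name = name.rstrip(".").lower()
    for zone in trusted_zones:
        zone = zone.rstrip(".").lower()
        if name == zone or name.endswith("." + zone):
            return True
    return False


@dataclass
class FilterResult:
    accepted: List[str] = field(default_factory=list)
    rejected: List[str] = field(default_factory=list)

    @property
    def rebind_suspected(self) -> bool:
        # Any private address dropped from an untrusted name is worth logging.
        return bool(self.rejected)


def filter_answer(name: str, answers: Iterable[str],
                  trusted_zones: Iterable[str] = ()) -> FilterResult:
    """Apply the rebinding check to the A records an upstream returned for name.

    Names under a trusted zone (your own domain) may resolve to private
    addresses; for every other name, RFC 1918 answers are rejected. Strings
    that do not parse as an address are rejected as well.
    """
    result = FilterResult()
    trusted = in_trusted_zone(name, trusted_zones)
    for addr in answers:
        try:
            private = is_rfc1918(addr)
        except ValueError:
            result.rejected.append(addr)
            continue
        if private and not trusted:
            result.rejected.append(addr)
        else:
            result.accepted.append(addr)
    return result


if __name__ == "__main__":
    # Constructed sample: a rebinding attempt (public name swapping to a LAN
    # address) next to a legitimate entry in the home zone.
    trusted = ["home.example.com"]
    for qname, rrset in [
        ("attacker.example", ["203.0.113.5", "192.168.1.10"]),
        ("nas.home.example.com", ["192.168.1.20"]),
    ]:
        r = filter_answer(qname, rrset, trusted)
        print(qname, "accepted:", r.accepted, "rejected:", r.rejected,
              "rebind suspected:", r.rebind_suspected)
```

The exception for your own domain is what turns "perfectly valid configuration" into one that is also protected: without the trusted zone, `nas.home.example.com` is filtered exactly like the attacker's name. In dnsmasq the same policy is `stop-dns-rebind` together with `rebind-domain-ok=/home.example.com/`; in Unbound it is a set of `private-address:` entries plus `private-domain: "home.example.com"`.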