Not aware of any official security checks around the PnP. Might have been done a one-off in the customer engagements/projects, but not from our side. PnP is using native oob APIs exposed from SharePoint, so there should not be any surprises from that perspective. In general, though PnP is open source, community driven initiative, with obvious implications from supportability perspective. 

Just a quote around the supportability from the monthly communications - https://dev.office.com/blogs/pnp-august-2017-release. 

What's supportability story around PnP material?

Following statements apply across all of the PnP samples and solutions, including samples, core component(s) and solutions, like PnP Partner Pack.

• PnP guidance and samples are created by Microsoft & by the Community
• PnP guidance and samples are maintained by Microsoft & community
• PnP uses supported and recommended techniques
• PnP implementations are reviewed and approved by Microsoft engineering
• PnP is open source initiative by the community – people who work on the initiative for the benefit of others, have their normal day job as well
• PnP is NOT a product and therefore it’s not supported through Premier Support or other official support channels
• PnP is supported in similar ways as other open source projects done by Microsoft with support from the community by the community
• There are numerous partners that utilize PnP within their solutions for customers. Support for this is provided by the Partner. When PnP material is used in deployments, we recommend being clear with your customer/deployment owner on the support model