Is this a security risk?

I would like to provide a limited view of my database to some users,
so i thought of creating a second database (I can control access by IP
address through pg_hba.conf) with some views that queried the first
database using dblink.

The problem is that dblink requires non-superusers to provide a
password, but i would like to use the authentication from the first
database connection in the second dblink connection.

I can do this with the example below, but i was wondering is this a
really bad idea or does it create a security hole?

Example code:

CREATE DATABASE test1;
CREATE DATABASE test2;

\c test1
CREATE TABLE test (id int);
INSERT INTO test VALUES(1);
INSERT INTO test VALUES(2);

\c test2
CREATE OR REPLACE FUNCTION my_func() RETURNS SETOF record
AS $$
DECLARE
_username text;
_query text;
_row record;
old_path text;

BEGIN

old_path := pg_catalog.current_setting('search_path');
PERFORM pg_catalog.set_config('search_path', 'public, pg_temp',
true);

SELECT INTO _username session_user;

_query := 'SELECT * FROM dblink(''dbname=test1'', ''SET SESSION
AUTHORIZATION ' || _username || ';';
_query := _query || ' SELECT * FROM test'') ';
_query := _query || ' AS t1(id int);';

FOR _row IN EXECUTE _query LOOP
RETURN NEXT _row;
END LOOP;

PERFORM pg_catalog.set_config('search_path', old_path, true);

END;
$$
LANGUAGE plpgsql SECURITY DEFINER;

SELECT * FROM my_func() AS (id int);

thanks for any help

adam