Is it a security risk? I don't think so. Yes, your public key will be visible, but currently cracking the private key from the public key is impossible.
But I suppose it doesn't matter if you intend to spend it shortly after receiving, since you expose the public key when paying with a P2PKH input.
Regarding the byte cost, I assume all modern clients always use compressed addresses? If
the scripts in this answer are the minimum possible, compared to P2PKH, P2PK is +10 bytes to send to, but -34 bytes to spend from.
Is there a standard way to generate P2PK receive addresses? Aren't 1-prefix addresses just for P2PKH?
BTW, a few posts were deleted from this thread, which happens a lot on the forum. How come?