Those addresses are also risky to use, even if the mining pools are legit.
As they already have the private key they shared with you, your address is already considered exposed since day1.
It actually depends. There are ways of generating vanity addresses through the split-key method, which doesn't give anyone (expect you) access to the final private key: https://en.bitcoin.it/wiki/Split-key_vanity_address