I think it is, but build backends should strongly consider being more safe, whatever that means to them. You generally can’t build this kind of security into an interop specification - only restrictions.
I mean, the build backend could require it to be marked dynamic if it’s not already included in the sdist? That’s easy enough for the developer to fix up at the same time as they’re setting the path.
I thought “dynamic” didn’t apply to source tree->sdist transformations? If all the published metadata matches, what exactly is dynamic about it?