Looks like a sensible design. Thanks for the research, Kane!
This design, like any on-chain voting mechanism that directly implements proposals, would be vulnerable to vote manipulation (see the infamous Beanstalk hack), so we’ll need to be very sure this kind of attack isn’t possible. I’m sure the auditors will have this in mind, though. Looking forward to seeing the implementation!
This this might be a good opportunity to add some of the extra security features that have been suggested. E.g. time-weighted voting power from my original draft of RPIP-4 and @epineph’s suggestions in this post.