With the newly found vulnerabilities in the 1.6 versions of Project64 which involve code injection, will this affect the validity of runs performed on this version?
No, I seriously doubt it. I am going to continue using PJ64 v1.6 because I don't like the extra input latency that comes with the Mupen64Plus GUI option. Whether or not the latency is the same and I am just perceiving it to be different, I really don't know. I'm just too used to PJ64 to switch at the moment. And... it took me a while to set up the PJ64 EMU properly with all the best plugins. I am not keen on repeating this process with a Mupen EMU.
From what others have told me, these vulnerabilities have existed for many years and this isn't a completely new thing (I think PJ64 v1.6 was released in 2011). It doesn't really concern me as I will not be downloading random ROMs and ROMHacks. I have all the ROMs I require already.
Please someone let me know if I'm wrong about any of this.
The vulnerability in PJ 64 can only happen if you load an unverified/unknown ROM. To prevent this, you can check the ROM hash to make sure it matches the real SM64 cartridge (differs for JP and US) (SM64 discord has a command w/ instructions for how to do that). tl;dr - for speedrunning doesn't matter unless you have a fake ROM.
Tbh there's probably no one making fake ROMs and distributing them. But if you want to be on the safe side, I would just avoid casual gaming on PJ 64 1.6
Yeah, if you want to do any ROM hacks for SM64 too, make sure to use romhacking.com
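
Added example, not part of any post in this thread: one way to do the ROM hash check mentioned above before loading a file in the emulator. It goes slightly beyond the thread by normalising the three common N64 dump byte orders (.z64, .v64, .n64) first, so a byte-swapped copy of a good dump still matches. Assumptions: the reference hash comes from a source you trust and was computed over the big-endian (.z64) image, and SHA-256 is only a default; pass whichever algorithm the reference was published with.

```python
import hashlib
import hmac

# First four header bytes of an N64 ROM in each common dump byte order.
MAGIC_Z64 = bytes.fromhex("80371240")  # big-endian, cartridge order (.z64)
MAGIC_V64 = bytes.fromhex("37804012")  # each 16-bit word byte-swapped (.v64)
MAGIC_N64 = bytes.fromhex("40123780")  # each 32-bit word reversed (.n64)


def to_z64(data: bytes) -> bytes:
    """Return the image in big-endian order; raise ValueError if not a ROM."""
    magic = data[:4]
    if magic not in (MAGIC_Z64, MAGIC_V64, MAGIC_N64):
        raise ValueError("unrecognised N64 ROM header")
    if len(data) % 4:
        raise ValueError("ROM length is not a multiple of 4 bytes")
    if magic == MAGIC_Z64:
        return data
    width = 2 if magic == MAGIC_V64 else 4
    out = bytearray(len(data))
    for i in range(width):
        # Byte i of every word comes from byte (width - 1 - i) of that word.
        out[i::width] = data[width - 1 - i::width]
    return bytes(out)


def rom_digest(data: bytes, algo: str = "sha256") -> str:
    """Hex digest of the byte-order-normalised ROM image."""
    return hashlib.new(algo, to_z64(data)).hexdigest()


def rom_matches(data: bytes, expected_hex: str, algo: str = "sha256") -> bool:
    """True only if the normalised image hashes to the reference value."""
    actual = rom_digest(data, algo)
    return hmac.compare_digest(actual, expected_hex.strip().lower())


if __name__ == "__main__":
    import sys
    # Usage: python check_rom.py <rom file> <reference hash> [algorithm]
    path, expected = sys.argv[1], sys.argv[2]
    algo = sys.argv[3] if len(sys.argv) > 3 else "sha256"
    with open(path, "rb") as fh:
        ok = rom_matches(fh.read(), expected, algo)
    print("match" if ok else "MISMATCH: do not load this ROM")
    sys.exit(0 if ok else 1)
```

A mismatch means the file differs from the reference dump in at least one byte, which is also what a ROM hack looks like, so hacks need their own reference hash from wherever they were obtained.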