ByteBufferUtil is not in our public API, so ti should be fine. We've been known to leak that abstraction, so I'd recommend checking the Accumulo contrib repos to make sure something else isn't impacted.
I noticed this defensively copies the actual byte arrays. Do we have some quick way to check for a performance regression on this? I'm not sure how extensively we use getAuthorizationsBB, so I don't know how much overhead we're talking about adding.
An alternative would be to use the byte arrays in place but call asReadOnlyBuffer to make sure the generated BB's can't be modified. This won't work if whomever is using the BB needs to grab the underlying byte array, because read only buffer's don't allow access to them (I think Avro's serialization code does this).