Not a security issue, but a usability one. In your attempt to get the optimal solution for your own setup, you customized the configuration quite a lot, maybe more than you even realize yourself.
Which is perfectly fine if it works great for you. Just a small reminder that my approach is a bit more general (and note that my variant might not even be the best solution for everyone’s use case. See, e.g., @unman’s sys-printer setup in your other thread).
Getting back to the usability issue I am spotting: you totally focussed on the aspect of printing web pages (or emails, for what it’s worth), which are automatically named “mozilla.pdf”. Everything else that you might ever want to print will not profit from your setup. It might even crash your script if you download anything in Tor Browser which is not called mozilla.pdf. So, at least you should probably put your inotifywait call in a loop, so that it triggers whenever a new file appears. Maybe even make it more general, so that it triggers whenever you download something with a particular file extension (.pdf, maybe also .docx or something similar?).
However, before customizing that much in this direction, I would probably rather set up an unman-inspired cups-proxy with qrexec.
Security-wise, as every call to “qvm-move” would trigger a popup window from dom0 (unless you tinker with the default qrexec policies), everything should be fine.
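
A sketch of the looped, extension-filtered inotifywait watcher suggested in the post above, as an added example that is not part of the original post or the poster's script. `WATCH_DIR`, the extension list, and the helper names `is_printable` and `watch_and_move` are assumptions; `qvm-move` is called without a target so dom0 still prompts for each file.

```sh
#!/bin/sh
# Added example, not from the original post.
# Assumptions: WATCH_DIR and the extension list are illustrative choices;
# is_printable and watch_and_move are hypothetical helper names.

WATCH_DIR="${WATCH_DIR:-$HOME/Downloads}"

# Succeeds only for file names ending in an extension we want to forward.
# Matching is case-insensitive; partial downloads (*.part) are rejected.
is_printable() {
    case "$1" in
        *.[Pp][Dd][Ff]|*.[Dd][Oo][Cc][Xx]) return 0 ;;
        *) return 1 ;;
    esac
}

watch_and_move() {
    # -m keeps inotifywait running, so every new file triggers the loop
    # instead of the script exiting after the first event.
    # close_write: a file written in place (e.g. "print to file").
    # moved_to:    a download renamed from its temporary name when finished.
    inotifywait -m -q -e close_write -e moved_to --format '%f' "$WATCH_DIR" |
    while IFS= read -r name; do
        # Ignore anything that is not a wanted document type.
        is_printable "$name" || continue
        # Build an absolute path so a name starting with "-" is never
        # parsed as an option; skip symlinks and non-regular files.
        path="$WATCH_DIR/$name"
        [ -f "$path" ] && [ ! -L "$path" ] || continue
        # </dev/null stops qvm-move from consuming the event stream.
        # A failed or declined move is logged and the loop keeps running.
        qvm-move "$path" </dev/null || echo "qvm-move failed: $name" >&2
    done
}

# Only start watching when asked to, so the helpers can be sourced safely.
if [ "${1:-}" = "--watch" ]; then
    watch_and_move
fi
```

Run it with `--watch` inside the qube that produces the files; it needs `inotifywait` from inotify-tools.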