Security concerns when deploying contracts with the same account on different chains

using the plain old CREATE opcode, when I’m deploying contracts, the contract addresses depend on the account’s current nonce.

When I’m using the same account / EOA to deploy contracts on different chains, there might exist completely unrelated contracts on different chains.

Regardless of the UX implications (multichain explorers, eg tenderly would display unrelated transactions across chains), might that lead to security related issues? Could eg someone find a transaction casted for one contract on the L1 and replay that on an L2 (since the contract addresses are the same?)

In general, EIP-155 prevents replay attacks on different chains.
Of course, for the few transactions that sign in a pre-EIP-155 format, yes, there will always be some amount of cross-chain replay attack vulnerability. Those transactions are typically very intentional, however, and are not part of the typical UX.