Only nerds with pre-release versions of browsers are using HTTP/3, so I would not worry too much about them having issues. You are also not going to see any massive benefit today, given the limited user agents supporting H3.
0-RTT has potential security issues you should consider before enabling, but I have not experienced any issues. 0-RTT will show greatest benefit if your users on on high latency connections.
I consider both to be pretty safe.
As to why there is an option to enable/disable them? H3 is still in development, so it would be a terrible move to enable it for everybody by default with no option to disable. And 0-RTT might have security issues for customers it needs to be configurable.