I'm not aware of a significant performance penalty on eval, although of course one'd expect a delay due to compilation. But in your case it's unlikely to be slower than &$function. Additionally it offers stability to your program by catching errors.

Security is a concern for eval, but if you're calling the same code &$function anyway, there's no more security concern in eval than in &$function call. The latter also has to turn off strict (partially), not the best thing to do.

So I suggest to stick to eval since AFAIK it works, it performs, and it handles errors.