The spec is clear that it is not allowed to invoke BeanManager.getReference(), BeanManager.getInjectableReference() and BeanManager.createInstance() before AfterDeploymentValidation. I.e. it could be safely used during AfterDeploymentValidation and after the application initialization finished. The reason is that before ADV the set of beans/interceptors/decorators may not be complete and extensions can still affect the resolution.
However, using InjectionTarget, UnmanagedInstance and Contextual.create() has the same risks. I think we should clarify the usage so that the spec is consistent.
WRT backward compatibility - note that the container is permitted to define a non-portable mode to overcome problems with legacy applications not using CDI SPI properly.