it still could be made working with using real logins for scraping which can be a bit illegal but if you do it on your personal instance it would be more than enough. I'm not sure, maybe nitter already supports this instead of guest tokens?
That would be in it in ideal world but Twitter can sue you for damages as you explicitly agree with ToS in most countries especially US. There's enough precedence when it comes to "login" scraping in the US that you'd most likely lose (though probably not a massive payout)
Twitter is unlikely to bother with small non-commercial scrapers but I wouldn't risk attaching any tracable info even for small personal projects.