AFAIK, the AppleTV 2 does incremental patch updates; it does not download the whole OS every single time.
So the framework is already done; it just needs to be ported to the mobile version of iOS.
Regarding OTA and AT&T... they could limit OTA to Wi-Fi only... I wouldn't do an OTA update when on the move anyways, not when I risk bricking the device if the update is not successful.
If the manufacturer implements it right, an OTA update doesn't need to be any riskier than a tethered update.
The upgrade itself can be saved as a regular file, like any other data, that sits innocuously in your filesystem until the whole download is complete. This part would be no riskier over cellular data than it would be over WiFi... or over USB.
After the upgrade file is completely downloaded and it starts to install itself, the installer/bootloader could implement some form of journaling to ensure that an incomplete upgrade is automatically rolled back to the previous working version the next time the device reboots. (Of course, such a system would require reserving enough free Flash storage to keep the original files intact until all the replacement files have been unpacked.)
There is the inconvenient issue of small incremental patches causing rooted phones to become accidentally bricked. Apple, of course, has no legal obligation to protect such users from their own risky behaviour.
But their policy of sending a whole new copy of the OS certainly reduces the odds of such unanticipated bricking incidents, and on balance, it's probably a good thing to avoid the public relations nightmare of having to explain the technical issues of unintentional bricking to a largely un-technical public.
For OTA upgrades, though, a policy of sending the whole OS every time would certainly increase the time it would take to deliver the upgrade, and it would increase the amount of space that would have to be set aside to properly implement a rollback mechanism if the upgrade is interrupted mid-stream. But, it wouldn't necessarily impose any greater risk than you'd get from a tethered upgrade.
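The journaled install and automatic rollback described in the post above, sketched as an added example that is not part of the original thread or any vendor's updater. The `live` and `backup` directories, the `update.journal` file name, and the `install`, `boot` and `fail_after` names are all hypothetical; a directory tree stands in for flash storage.

```python
import json, os, shutil

JOURNAL = "update.journal"  # hypothetical journal file name

def _paths(root):
    return (os.path.join(root, "live"), os.path.join(root, "backup"),
            os.path.join(root, JOURNAL))

def _write_journal(path, state):
    tmp = path + ".tmp"
    with open(tmp, "w") as f:
        json.dump({"state": state}, f)
        f.flush()
        os.fsync(f.fileno())
    os.replace(tmp, path)  # atomic rename: journal is old or new, never half-written

def install(root, staged, fail_after=None):
    """Apply fully downloaded files {name: bytes} to the live tree.
    fail_after=N simulates losing power after N files were replaced."""
    live, backup, journal = _paths(root)
    shutil.rmtree(backup, ignore_errors=True)   # drop any stale copy
    shutil.copytree(live, backup)               # reserved space: originals stay intact
    _write_journal(journal, "installing")       # record intent before touching live
    for i, (name, data) in enumerate(sorted(staged.items())):
        if fail_after is not None and i == fail_after:
            return False                        # constructed failure point
        with open(os.path.join(live, name), "wb") as f:
            f.write(data)
    _write_journal(journal, "committed")        # new version is now the good one
    shutil.rmtree(backup)
    return True

def boot(root):
    """Run on every boot: undo an install that never reached 'committed'."""
    live, backup, journal = _paths(root)
    if not os.path.exists(journal):
        return "clean"
    with open(journal) as f:
        state = json.load(f)["state"]
    if state == "installing":
        # Idempotent: if power fails during rollback, the next boot repeats it.
        shutil.rmtree(live, ignore_errors=True)
        shutil.copytree(backup, live)
    os.remove(journal)                          # remove journal before the backup
    shutil.rmtree(backup, ignore_errors=True)
    return "rolled_back" if state == "installing" else "committed"
```

The backup is deleted only after the journal is gone, so an interruption at any point leaves either a complete old tree to restore from or a journal-free system.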