Yeah, I think your biggest risk are things like events where the SIDs/GUIDs get posted into the event, and those SIDs/GUIDs need to be translated on the local system for them to come across as full account names and not raw SIDs/GUIDs. The event log reader that LEM uses now locally does this translation in real time.
I would test change events on the remote system (the forward-ee) by both local and domain users, then login/failures from local and domain users, then file and object audit events from local and domain users. That'll cover a large swath of risky events. It would (edit: BE A BIG BUMMER) to get something that said someone was added to local admins or a file was deleted and then have to figure out how to translate a GUID/SID later...