I have an interesting request for view definition for all application logins to determine correct SP definitions are being deployed when executing sp_helptext by the apps. Usually I only grant view definition to users that need this information but they are trying to automate that process. I am concerned with security issues that may result. Can anyone think of any reason (e.g., sql injection) why this is not a good idea?

The lack of VIEW DEFINITION permission provides a secondary level of defense if a SQL injection vulnerability is exploited.  With VIEW DEFINITION permissions, a hacker that gains access under the application security context could see the underlying proc code.  This knowledge won't be a big deal if no permissions are granted on those objects but will facilitate intrusion if the account also has permissions on those objects.

I think a better approach would be to deploy and validate using a privileged account rather than the application logins.  That would eliminate the need to grant more permissions than actually needed for application execution.