The answer to your question is in the documentation for the ACL bundle:

Using ACL's isn't trivial, and for simpler use cases, it may be overkill. If your permission logic could be described by just writing some code (eg to check if a Blog is owned by the current User), then consider using Symfony built-in security voters.

Therefore, if your application needs a flexible and externally configurable (for example, through the admin panel) system for separating rights, then there is nothing wrong with using ACLs. It's just that in most cases, a simpler access sharing logic is enough, and this is exactly what is decided through security voters.
Externally configurable implies an external source, in the case of Symfony ACLs, this is the database. Thus, for each request you will climb into the database, which can affect performance. In addition, the calculation of the availability of a particular resource in itself can be more complex, and therefore more time-consuming.
And, of course, setting up the ACL correctly in order to close everything you need and not close something superfluous can be a very non-trivial task.
Therefore, the answer to the question "is it worth using ACL" is obvious: "it is worth it if you need ACL in the project".
The performance will be affected by how much - again, it depends on your project, if it's just CRUD - then the impact will probably be noticeable, but if you don't have highload there, then it probably won't be critical.