Is enabling Physical address extension in VirtualBox setup going to put my host machine at risk, when I infect the guest with malware?

I have a Windows 8.1 x86 that I would like to install on a virtual machine, but it can’t run without this feature enabled.

I don’t know. But I’ve analyzed/executed a lot of Win malware on a antiX 32 guest (PAE active, WINE installed) in a Win 8.1 host and never had Windows infected. Perhaps VBox support could give you a more definitive answer?