TL;DR I'm using WordPress Ajax and Nonces, a plugin that demonstrates how to enqueue dynamic CSS and JavaScript in WordPress is available at GitHub.

I'm boldly claiming that this is best practice for dynamically loading a style or script in WordPress. Why?  The loaded code is protected by a nonce. Disagree? Please tell me why, I'm learning every day.

The dynamic CSS

 `require_once dirname( __FILE__ ) . '/dynamic-css.php';`

The dynamic CSS (and JavaScript) is simple to create, and since the script is included you have access to all the WordPress functions, actions and filters. Forinstance, you can get the value using get_option , add the value and write to standard out:

//prevent direct access
if ( ! defined( 'ABSPATH' ) ) {
header( "Content-type: text/css; charset: UTF-8" );

//get value from options, settings etc
$color = 'blue';

a {
	color: <?php echo $color;?> !important;