Another great point I wish I had in mind when writing above bullet points. Self-hosting doesn’t have good incentive structures.
- If all goes well, it’s invisible effort.
- If it gets hacked, it’s probably resulting in FUD (related: Placing Trust in Whonix ™ chapter Server Security in Whonix wiki) and ridicule.
- If using third-party hosting such as github and github gets hacked, then it’s just a third party that got hacked and the reputation of the project that was using github remains stainless.
Even security experts don’t claim that they can absolutely secure a webserver / webapps form ever getting hacked. Usually the more of a security expert they are, the more modest they are, the more careful they are to avoid making bold claims of something being secure.
If that would even be enough money to avoid full database losses every other year.