Question for anyone self-hosting vaultwarden: how reliable is it and how do you harden it?

I'm thinking about running it in a container (Podman Quadlet with systemd) behind a VPN, with daily backups with borg. Anything I'm overlooking here?

No matter where Bitwarden ends up, passwords are one of these few things I am very hesitant to self-host. The stakes are just too high, and my knowledge of security has too many unknown unknowns to take that risk.

Personally, I want to avoid the responsibility for hosting it myself. I'm happy to pay for that. But a reasonable amount. Today Bitwarden's price is fine for me, but I worry about what's coming.

It is still maintained, but I believe the maintainer is employed by Bitwarden now, and is working on projects in addition to Vaultwarden.

Is there an alternative frontend as well, or are you still locked in?

How do you trust that it will be kept maintained and secure?

Don't I have to rely on the OG frontend/GUI components, though? They are one automatic update away from bundling taking custom server address away with important security fixes, in a way that you are damned if you do and damned if you don't.