We run it on an internal-only server, only accessible via 2fa.
Edit: The one time I found a software bug, the developer sent me a fix within an hour.
[0] http://www.clickstudios.com.au