[Vegenoid]

> I'm not entirely on the same page as the parent comment regarding "[t]hat's what you're paying a good PaaS for" in terms of security and availability. If the platform is down, having a service level agreement (SLA) is nice, but worthless because your application is also unavailable.

> If the platform cut corners regarding customer data separation (you know, because you can be cheaper than the competition), your users' passwords may be next on HIBP (haveibeenpwned.com).

This all applies to running on a VPS in the cloud too. You have to own much more of the stack to avoid this than is usually realistic for one person running a free web app.

What I mean about the security and availability being provided for you is that you don't have to worry about configuring a firewall, configuring SSH and Nginx, patching the OS, etc.