It's not if you're running it system that also runs other software. On a dedicated VM, I wouldn't care, though.
As for :latest, that depends on the push policy of the container owners. NextCloud only pushes stable releases to :latest so it's probably fine. There's no reason a :v123 tag would be any more or less secure than :latest.
As for :latest, that depends on the push policy of the container owners. NextCloud only pushes stable releases to :latest so it's probably fine. There's no reason a :v123 tag would be any more or less secure than :latest.