If it’s not connected to the internet, that certainly does take away a significant cause of problems. Good luck

In theory if there are no security holes, a user account can only mess up its own account.

Note that what steps you want to take will really depend on who these users are and what you want to achieve. There’s a vast chasm between allowing in, say, friends or colleagues, vs. letting random people on the internet access it. The latter will mean someone will intentionally look for exploits, which means e.g. regularly applying security updates becomes far more pressing.

If you are letting in random strangers, I’d look into only giving them access within a separate container or ideally virtual machine per user as an extra precaution unless what you’re making available is very stripped down.

And there you have the reason they sued to force Musk to stick to his word of buying it rather than let him off the hook and look for someone else dumb enough to pay that much for it.

Revenue is money in before costs, so yes their revenue is still positive given they are actually charging some people positive amounts. Their earnings are quite likely negative.

Just a few years back, Vernor Vinge’s scifi novels still seemed reasonably futuristic in dealing with the issue of fakes well by including several bits where the resolution of imagery was a factor in being able to analyze with sufficient certainty that you were talking to the right person, and now that notion already seems dated, and certainly not enough for a setting far into the future.

(at least they don’t still seem as dated as Johnny Mnemonic’s plot of erasing a chunk of your memories to transport an amount of data that would be easier and less painful to fit in your head by stuffing a microsd card up your nose)