Actually I don't think self-hosting is a viable solution for many people. Most server hosts are not security experts. IT security is really hard due to the many possible attack vectors you have to be knowledgeable about. In this article they assume that an attacker has compromised a server and I don't see how a layman can keep a server safe if experts want to compromise it in the long term if you just follow the reccomend maintenance. One day you will slip up.
You might get a security related update late, did not hear about the last breach and are not aware how that relates to you, all sorts of scenarios. The only way to make it much more difficult to be compromised is if you don't connect your self-hosted cloud solution to the internet. But then it's not a really a cloud solution anymore.
And that's before you have to consider that not everyone has the knowledge, time, interest to self host.
