The problem with the strong security is that it makes it expensive to port into the system. They also assumed more sharing than people actually seem interested in. I'm mostly just running apps that have no reason to share with each other because they each have their own domain anyhow. So the end result is the ecosystem was more expensive to join if you had an existing system than it might have been otherwise, and it inhibited getting projects onboarded.

I am not the craziest self-hoster, but I've got several things now. I run a core syncthing node, Immich, Jellyfin, and Pihole. (Honorable mention I suppose to a Vaultwarden image, which is run on the public internet but my scripts treat it like it's another self-hosted option, rsync'ing it down locally and including it in the daily backup.) None of those are on Sandstorm, and a major reason why is the security system. They don't match it and porting it is a rather large amount of effort.

I haven't used any of the self-hosting options, so I can't review if any of them are as nice as Sandstorm. All of the above is running in Docker on an Ubuntu N150 and a USB hard drive, home-grown, with a backup script (restic over S3, true backup) that covers them all. It ought to in principle do most of what Sandstorm does now by driving docker, albeit missing the sharing, which I can't say looked all that compelling anyhow, automatic backup integration, etc., because it really isn't all that hard to set up.