You also understand that open source is one of the best ways to remove security issues? The article you link is about the instance infosec.exchange where a lot of security types have their accounts, and the issues are primarily those of configuration or HTML injection, and they were sorted rather quickly?
Look at it as a distributed database with geographically separated parts, each having an admin trying to figure things out. But it's a federated system. Your details stay in your 'home' instance so your security is as good as the admins of that instance - which IMO argues for paid-subscription instances, whether those happen to be Medium or something else.