The interesting thing about Snowden to me after 10 years is how few times I see the public think about how low-level staff with hardware-level access can bypass all command and control decisions. He was a contractor who just wholesale scooped data off the servers. Nearly 10 years later... Jack Teixeira leaks documents because he has server access to documents outside his immediate need too.
I think a lot of organizations really don't see how vulnerable they are to deliberate attacks and theft - if the NSA can't protect their data 10 years ago, do you really think your mobile phone network provider or these VPN companies are not subject to internal staff selling off data, etc?
it's not very difficult to modify the code for something like this.... and closing off registration wont' let anyone else login and create new content form your istance.
Personally the load on the major servers by having one more instance that subscribes to everything is why I think people should back off from creating more than the 1500 instances Lemmy network already has. Delivery of every single vote, comment, post 24 hours a day just so one person can read content for an hour or two a day.
That makes sense for email systems where all that content doesn't have to be sent, but for Lemmy it's a huge amount of overhead.