Method of installation vs security / updates

As I’ve been having issues getting NC running with a manual installation, I’ve been re-considering other methods of installation, such as Snaps and VMs.

Are there any added security / safety concerns that I need to think about with these installations versus a native or manual installation?

I’ve read that Snaps leave me at the mercy of the snap dev to keep ALL the necessary packages and dependencies updated… that I won’t be able to keep all the pieces up to date without some extra effort, if at all. Is that correct?

Other than an extra layer of complexity, and an extra piece of technology that can be exploited, I’ve heard of no major security concerns with running VMs… unless one uses a nefarious VM. That said, one is still at the mercy of the VM dev as to flavor of packages used and perhaps some settings (LAMP vs LEMP… location of stored data… ???)???

Thanks, in advance, for your wisdom, knowledge and words of advice.