For hosting the cloud, I have a small DigitalOcean droplet for running CentOS. It’s worth it for the stability; I recently wasn’t able to add items to myopenHAB (thanks for clarifying why in [SOLVED] openHAB Cloud expose items, I need guidance), and I didn’t want to wait for the problem to be fixed so I created my own cloud. Performance isn’t an issue, since it’s just me and the code is very simple. Security, however, is more of an open question… I don’t think there’s much to stop malicious behavior like DDoSing. But aside from network overload, I imagine it has the same vulnerabilities as myopenHAB, since the codebase is identical.
I read about IFTTT being blocked in myopenHAB, so I created a pull request for IFTTT realtime updates with the intent of reducing IFTTT polling (see Github). But Dan commented saying that the problem was primarily about Item and Event updates, and IFTTT polling just adds to it. In any case, I do hope the problem gets fixed soon.