I do not have the inclination or resources to secure and keep my server up to date, unless we are talking about a periodic "apt upgrade" that I could configure to run automatically, but no more than that. And at the very least I know how to reasonably secure a Linux server, at least initially.
If running your own server gives you peace of mind in terms of security, then read more about how security works and the threat model you'll face. Just to give an obvious example ... running your own Wordpress is one of the worst thing you can do on your own server, putting your whole server at risk, not just your website.
My personal experience says this is 100% true.
Even when I've managed to stay on top of WP updates my server is invariably targeted more often by automated attacks more often than others that are hosting static sites and other frameworks. I strongly suspect that attackers maintain lists of server addresses that host WordPress sites and use that to make assumptions about their running services. If they know that it's a "self-hosted" webserver, even if they can't break WordPress there's a very good chance that some other unmatched vulnerability exists.
I don't know about this argument. On the one hand you can configure something as secure as you like/can, on the other hand you have to trust other people to do their best. If you don't trust them with your passwords, you would also not trust them to do their best.
If you host yourself a paranoid me would host their instance accessible only inside a stable VPN xor by tunneling a port via SSH.