We didn't have millions of users, but were making decent profits to cover costs on the users we had, and growing. If someone outside the US wants to run a privacy VPN service for consumers, or if the Lavabit case is resolved successfully, I'd probably say it's a decent business (boring, but decent).
The financial issue was the potentially huge liability due to a legal action or battle, not the (small) costs of operating the service; my cofounder and I are both not really able to take a Lavabit-style stand (I do DoD/USG consulting work, so I have additional special considerations in doing anything which isn't absolutely legally compliant in every appearance which Ladar et al. didn't have...).
We're still working on similar things, now without the revenue from the privacy VPN service.
The problem with Sealand is that you can't trust the people operating it farther than you can throw them, and they're not particularly small people. They are in a legally (and physically) precarious position, so if someone were to make a serious threat, there is no way you could expect them to be like Lavabit and face them down.
(There's a new group trying to re-launch "HavenCo", although it has no real connection to Sealand; it's a VPN service and some mail and stuff run out of non-Sealand colos. I wouldn't touch it, myself.)
There is no solution to any of this other than pure technology. You want something where even the operators can't do worse than shut the service down, even if you have a gun to their heads. That's not technically feasible given current technology, but is 6-24 months of development from being practical. And even with better technology, you end up having to worry about the entire stack, all the time -- constant vigilance is expensive.
Yeah, it was covering operating costs and some profit, and would feasibly grow into a decent overall business. But even if it became a decent overall business ($100-200k/mo profit in 2014?), one pen trap incident on one customer would have had vastly higher costs -- civil or criminal contempt being the most likely outcome (maybe not -$inf, but at least -$millions).
If we were the legally best VPN option, I would probably have pushed to keep it going anyway and just shut down when/if that happened, but as it is, non-US providers run by non-US people (there are several good ones) are an objectively better option, so in good conscience there's no reason to continue running a US privacy VPN service without technical controls to prevent being compelled to screw over a user.