• mist-ce is NOT intended for production use.
• It is recommended to deploy mist-ce only on isolated networks.
• Internet access is required to manage public cloud providers, do so with caution and restrict access where possible.
• Many features remain untested or unverified, especially in real-world deployments.

From the original mist.io F.A.Q.:

How secure is it?

Mist helps you enhance security by implementing access policies consistently across your entire infrastructure and organization. Security was a top priority in the development process since day one.

We've been using Mist internally at Mist.io Inc to manage all our systems since 2013. During this time, we never witnessed any evidence of security breaches on our production infrastructure. Also, none of our customers ever reported any breach where Mist was involved.

While this may reflect the state of the original codebase, Mist Community Edition is no longer actively maintained by its original developers, and its current state may contain vulnerabilities or outdated dependencies.

There is no formal security response team or process at this time.

If you discover a potential vulnerability or issue:

• Please open an issue or discussion (if non-sensitive).
• Or, if you're unsure, refer to our CONTRIBUTING guide for guidance.
• Pull requests to fix security issues are very welcome.