@FeelNiceInc in terms of security vulnerability of the system, I trust in the open source community review and collaborative effort. Of course, there is always a risk. But I tend to trust open source solution more than a proprietary one.
You could set up a small Cloudron box or docker box at home if this is a concern for you, and if you're remote from it, use VPN and IP black-list / white-list.
I use Bitarden (vaultwarden) and trust that. OK, data is encrypted there. I haven't checked about Paperless and encryption. Must go and do that out of interest.