So the general tailscale actually uses peer to peer wiregaurd connections. Headscale is the middle point to negotiate these wiregaurd connections.

So none of the traffic moves through the VPS.

As for a VPS itself, it’s noore unsafe than your local bare metal. It’s still an application publicly exposed and needs basic precautions like fail2ban or crowdsec

Not the person you replied to.

I mean that’s all good and fine, but it’s still off topic at best?

They’re valid problems to have, but no one here asked you to. Yours is a root comment.

It’s not an airport, there’s no reason to announce your departure.