Perhaps we are talking two different things here, I was merely talking about securing your server to protect you and your users' data.

For example, can I ask you how you secure your server? Would your server be able to pass an Openvas/Nessus penetration test, have you even performed one? What are your server update policies like? Do you have any external logging server? If not, how do you know someone malicious didn't login to your server and stole your data and erased his tracks?

There are a lot more variables when it comes to security and data.