You'd let the pro blackhat loose in your VM on your own system?

No, because it's a dumb question and you don't want any stranger inside your home network regardless of firewall.

The comparison you get to make is in terms of the _extra_ security this project buys you.

Might I remind you of two things:

- You're advocating for installing random (?kernel) level software from the internet. That by itself is a real and larger threat than any potentially insecure things my `llm` user _might_ do in the future.

- User account security was the go-to method for security for a long time. Further isolation was developed to accommodate: 'root' access for tenants, and finer resource limit controls. Neither of which I care to give an LLM.

So we only have built-in firewall and sandbox duplication as the real feature. For the latter, my experience is that it's useless on a personal device, and slows down building or requires too much cache config. I'm not installing random crap, so I can live with the risk of LAN exposure.

I'm happy with the maintenance/complexity/threat matrix of useradd.

reply
> You'd let the pro blackhat loose in your VM on your own system?

AWS/GCP/Azure allow that all day every day.

reply
Until you are (or if the agent runs) one privilege escalation away from the whole system being taken over.

So useradd isn't enough.

reply