Lightning keys have to be online, so “non-custodial” alone isn’t a security model. This post introduces a Lightning Security Spectrum (-1 to 5) and a simple way to think about risk: probability of compromise vs blast radius. It maps common wallet/node setups to what actually happens under node compromise, compares hardened node environments (enclaves/HSM-like) vs validating signers (VLS), and ends with a checklist of concrete questions to ask your wallet or provider.