I don't know enough about LNURL to understand how this is secure.
  • Are there limits as to how much is paid, and if so is that configurable? e.g., can I set a limit of N sats per tap, and N taps per hour?
  • Another scenario: The terminal shows 5,000 sats. I tap. Later, I find 100,000 sats deducted. The merchant was dishonest. My "tap" authorized it though.
  • There is protection against a replay attack (single use token), but not against someone stealing my card (or finding it after I dropped it) and draining funds either at other merchants, or the thief manually sucking everything out.
I read a bit more about LNURL-Withdraw and it is indeed possible to configure it to have limits.
With LNURL withdraw, you have the ability to give someone the right to spend a range, once or multiple times.
In the case of dishonest merchants, you'll have to trust them, because by tapping with the card you can't see how much you're approving (they could create an app with a fake amount displayed while sending a larger invoice). That's basically the same as tapping with a credit card though (you could have a chargeback eventually though).
And yes, card stealing will mean you lost your money. Also similar to having a fiat card stolen and having the person tap away your money.
reply
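An added example, not part of the thread or of any project mentioned in it: a sketch of how the service behind a card could enforce a per-tap cap and a taps-per-hour cap around a LUD-03 withdrawRequest. The JSON field names come from LUD-03; the `CardPolicy` class, the callback URL and the assumption that the caller has already decoded the invoice amount in millisatoshis are hypothetical.

```python
import secrets
import time

class CardPolicy:
    """Hypothetical per-card limits, enforced by the service that pays the invoice."""

    def __init__(self, max_per_tap_sat, max_taps_per_hour, callback_url):
        self.max_msat = max_per_tap_sat * 1000   # LUD-03 amounts are millisatoshis
        self.max_taps = max_taps_per_hour
        self.callback_url = callback_url
        self.pending = set()                     # k1 tokens issued but not yet used
        self.paid_at = []                        # timestamps of accepted taps

    def withdraw_request(self):
        """JSON the terminal receives when it reads the card's LNURL."""
        k1 = secrets.token_hex(32)
        self.pending.add(k1)
        return {
            "tag": "withdrawRequest",
            "callback": self.callback_url,
            "k1": k1,
            "defaultDescription": "card tap",
            "minWithdrawable": 1000,
            "maxWithdrawable": self.max_msat,
        }

    def authorize(self, k1, invoice_msat, now=None):
        """Decide whether to pay the invoice the terminal sent to the callback.

        invoice_msat is assumed to be the amount decoded from the BOLT11 invoice.
        """
        now = time.time() if now is None else now
        if k1 not in self.pending:
            return {"status": "ERROR", "reason": "unknown or already used k1"}
        self.pending.discard(k1)                 # single use: burned on first attempt
        if not 1000 <= invoice_msat <= self.max_msat:
            return {"status": "ERROR", "reason": "amount outside per-tap limit"}
        self.paid_at = [t for t in self.paid_at if now - t < 3600]
        if len(self.paid_at) >= self.max_taps:
            return {"status": "ERROR", "reason": "hourly tap limit reached"}
        self.paid_at.append(now)
        return {"status": "OK"}
```

With a 10,000 sat cap, the 100,000 sat invoice from the dishonest-merchant scenario is refused at the callback regardless of what the terminal displayed, and a lost card is bounded by the cap times the hourly tap count.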
You have full control of it really because you can make it connect to your own node.
Most probably there are going to be a few issues, so I wouldn't put too many sats in that node, but this is just the first iteration of the technology. I'm sure it will get only better over time. Here are the lightning specifications that this is built upon: https://github.com/fiatjaf/lnurl-rfc
Under services you can see that ln.cash for example uses LUD-01: Base LNURL encoding and decoding and LUD-03: withdrawRequest base spec. You can read those to see how the transaction is actually performed under the hood.
Under self hosted there are some projects that use the same LUDs, like these ones for example:
reply