As others have pointed out, DNS is a risk, but the threshold for that being censored is real high... if the State of Iran and Alex Jones get by with DNS so can you...

Legacy Lightning Addresses are still trusted however when outsourced, because if its not your webserver you have no enforcement of what invoice it actually serves. You're trusting that 3rd party webserver to not intercept your payments.

NIP-69 fixes this: https://lightning.video/bd926eaa77a9a1046afb12faabb268be925b01d952edc3ce19d092f258ea3572