how though? whether you hold the key to unlock the node or not, once it's running, it's all in memory. so how is it different? in addition, the core lightning database is not encrypted. if they use a remote database like postgres, then the entire database is unencrypted and accessible to anyone with admin privileges on the database. at least lnd's is encrypted on the filesystem. also core lightning seems to be developed with the philosophy that if the server the node is on is compromised, then you've already lost. so there is little to no authentication on the rpc socket. if they have access to the server, which they probably do since they are running it for you, then theoretically they could do whatever they want once the node is running.