Hi, GreenWolf. I'm one of the SCP-RU administrators and also developer of this module.
You've raised a lot of valid concerns, I'd like to respond here so this information will be available to everybody.
Firstly, special themes. Indeed, technical limitations of wikidot are not allowing us to use any method apart from iframes to implement such complex things. And it is true that the lack of ability to apply wiki css to iframe content makes life little harder, especially when dealing with special pages like canon hubs with custom styling. But I'm planning to add support of the special themes to our backend so every page will have properly styled interwiki block. No estimates yet, planning to complete this by the end of this year. There is a public task that you can subscribe to for tracking progress (https://github.com/resure/scpnet/issues/23). And by the way, incorrect width of the block in mobile version is fixed already.
Secondly, stability. Nobody is perfect, it's indeed possible that our web services will have downtimes in the future. I'm planning to add some additional styling both to the backend side and to wikis to completely hide the block when our server is unavailable.
Last but not least, security. Domain itself (scpnet.org) is registered via Amazon Web Services for a few years in advance with autorenewing enabled. Access to the domain control panel is limited to one only person with two factor authentication enabled.
Domain leads to a server hosted by a big company with good reputation that works in this industry for many years. But we still planning to move to EU-based datacenters (Linode or Digital Ocean) in the next ~6 months to be faster (in terms of networking latency) for the majority of the scp community members around the world.
Access to the server is limited to one person's private key (password auth is disabled), it is running latest stable system (Ubuntu Server 16.04) with automatic security updates and some additional measures for intrusion prevention.
The only non-system software running on that server is our backend itself (coupled with battle-tested nginx web server). It is opensource (https://github.com/resure/scpnet) and uses latest stable runtime (nodejs 8.9.1 if someone interested) to power things up.
Web server & app logs are not being sent to any sort of external analytics services, I'm using them only to extract very basic things like current and daily service load. Logs are being rotated (= deleted) after a month by standard system tools.
Honestly, I'm much more concerned about safety of the Wikidot as a platform itself than about our web api (and the fact that they are placing mimic ads on this wiki is just terrifying to me).
