The dilemma of hosting a mailing list inside WordPress

For this site’s automatic e-mail service I use Mailpoet. I love this plug-in. It’s a plug-in that focuses on its core service: sending a well designed e-mail in bulk. Before switching to Mailpoet I used Mailchimp. Mailchimp has increased its possibilities up to a point where you would now need to follow a course to understand how to use it. I still have other mailing lists running in Mailchimp and would love to move those lists into Mailpoet as well. There is one big thing that bothers me about using Mailpoet, though. The data is stored in the WordPress database.

As someone whose WP sites have been hacked in the past, I feel uncomfortable about personal data of readers being stored in a place that is known to be hackable. Especially when that data is collected for business purposes. Of course I take precautions to keep plug-ins and WP up to date and I use a solid password for login. My hosting company has proper firewalls in place as well, but is that enough protection when storing personal data inside the WP database? I can rely on a service like Mailchimp to protect their servers, since it’s key to their existence. A breach into their servers means they lose business. On my own website I would never be able to replicate such a level of data security.

On the other hand I feel uncomfortable that Mailchimp, or any other mail service, hosts a list containing personal data of my readers. They, a third party, store my data. With Mailpoet I at least fully own the data that I collect, but that comes with more responsibilities.

Mailchimp proved to store data about my readers that I didn’t ask for. Therefore I will move all my mailing lists out of their service. The dilemma is where to move the data to. I’m thinking along two lines.

Option 1

Use Mailpoet for all my mailing lists. This requires extra security safeguards to be implemented on my WP sites, but I’m not sure what should be good enough. What plug-ins and adjustments are really necessary to increase security on a WP website?

Option 2

Choose a different service, similar to Mailchimp, where I store subscribers and that handles the sign-up and sending part. I’m looking at NewsletterGlue for WP integration.

I would really like option 1, but have this nagging feeling that option 2 is the safer and simpler option.

What would you choose? Am I worrying too much about my website getting hacked? Can you point me to solutions I’m overlooking? Would love to hear your thoughts on this.