Security implications of bitcoin.conf location

I’m setting up and hardening a dedicated headless bitcoind and lightning daemon and wanted to have a discussion about the location of bitcoin.conf.

Item #1:

Bitcoind defaults to using ~/.bitcoin/bitcoin.conf, presumably because keeping all relevant files in one location makes it easier to copy and/or share the blockchain between different machines. Are there security implications to this? Is it substantively safer to store bitcoin.conf in /etc instead (such as /etc/bitcoind/bitcoin.conf)?

One argument I thought of against using ~/home/.bitcoin/bitcoin.conf is that the RPC password is stored in the .conf file and could be viewed by anyone with read access. So is it less readable in ~/home or in /etc?

I’d get +1 POSIX-style-points for using /etc…

One argument against using /etc/bitcoind/bitcoin.conf is portability. It is less convenient to have the .conf file in a separate location. Less convenient means greater chance of mistake or error sometime down the road.

Item #2:

Similar to #1, besides +1 style points, is there any advantage to moving logs to /var/log? My understanding is bitcoind already rotates logs, but is there an advantage to how systemd does log rotation in /var/log?
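The read-access question in Item #1 comes down to the mode bits on the file and on every directory above it, whichever location is used. The following is an added example, not part of the original post: a POSIX shell check that reports who besides the owner can read a given bitcoin.conf. The function names and the optional STOP_DIR argument are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: classify read exposure of a config file that holds rpcpassword.
# conf_exposure and perm_string are hypothetical helper names.

# perm_string PATH -> 10-character mode string from ls, e.g. -rw-r-----
perm_string() {
    ls -ld -- "$1" 2>/dev/null | cut -c1-10
}

# conf_exposure FILE [STOP_DIR]
# Prints: missing | owner-only | group-readable | world-readable | world-blocked-by-dir
# STOP_DIR (default /) is the last ancestor directory that gets checked.
conf_exposure() {
    file=$1
    stop=${2:-/}
    [ -f "$file" ] || { echo missing; return 1; }
    mode=$(perm_string "$file")
    group_r=$(printf '%s' "$mode" | cut -c5)   # group read bit
    other_r=$(printf '%s' "$mode" | cut -c8)   # other read bit
    if [ "$other_r" = r ]; then
        dir=$(cd "$(dirname "$file")" && pwd -P)
        while :; do
            # "other" also needs search (x) permission on every ancestor directory
            case $(perm_string "$dir" | cut -c10) in
                x|t) ;;
                *) echo world-blocked-by-dir; return 0 ;;
            esac
            if [ "$dir" = "$stop" ] || [ "$dir" = / ]; then break; fi
            dir=$(dirname "$dir")
        done
        echo world-readable
        return 0
    fi
    if [ "$group_r" = r ]; then echo group-readable; return 0; fi
    echo owner-only
}

# Run directly with a path, e.g.: sh check.sh /etc/bitcoind/bitcoin.conf
if [ "$#" -gt 0 ]; then conf_exposure "$@"; fi
```

A result of `world-blocked-by-dir` means the file mode itself is permissive and only a restrictive parent directory keeps other accounts out, so copying the file elsewhere would expose it.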