I had heard no shortage of warnings against using Lucene/Elasticsearch to host my own basic search. But it was incredibly easy to implement and about as painless as running an Apache server. For a self-hosted project I can recommend it. Is it Algolia? No. Did I need Algolia? Also no. But it has been running for 5 years with barely any need to touch it once it was set up. Happy days for a hobby project, or a project with on-premises requirements.
Almost all security issues with ES stem from their idea to keep authorization as a separate, paid product (X-pack). On the other hand, MongoDB had similar issues since they wanted their product to be easy to set up and use, maybe for people scared of pg_hba.conf.
Actually wrong at several levels. First, the free version includes all the security features. Xpack was always free (as in beer) and easy to enable when that still was a separate thing (it no longer is). After they changed the license for the whole of elasticsearch to be similar, xpack is no longer a separate thing. You just get the whole product. For free. There are some paid features in there but they are mostly related to high value stuff related to e.g. machine learning.
The "security issues" mostly stem from people intentionally running it without a firewall completely unprotected on the public internet. And then they put important data in there. Simple solution: don't do that, it's stupid and negligent and it's 100% your fault if data leaks like that.
You wouldn't run a database on the internet either. But if you must run it on the public internet, just put nginx in front of it with basic auth and https. Problem solved. Not that hard.
Alternatively, use the hosted version which doesn't allow you to do that at all and is nice and easy to get started with.
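The nginx setup suggested in the comment above, written out as an added example that is not part of the original thread. The host name, certificate paths and password file path are placeholders, and Elasticsearch is assumed to listen only on 127.0.0.1:9200.

```nginx
# Added example: HTTPS + basic auth in front of a local Elasticsearch node.
# Assumption: elasticsearch.yml sets "network.host: 127.0.0.1", so port 9200
# is not reachable from outside and nginx is the only way in.
# Placeholders: search.example.org, the TLS file paths, /etc/nginx/es.htpasswd.
# Create the password file with: htpasswd -c /etc/nginx/es.htpasswd <user>

# No port-80 listener on purpose: a client that sends Basic credentials over
# plain HTTP has already exposed them before any redirect could happen.
server {
    listen 443 ssl;
    server_name search.example.org;

    ssl_certificate     /etc/nginx/tls/search.example.org.crt;
    ssl_certificate_key /etc/nginx/tls/search.example.org.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Applies to every location below: no valid credentials, no response
    # from Elasticsearch (nginx answers 401 itself).
    auth_basic           "Elasticsearch";
    auth_basic_user_file /etc/nginx/es.htpasswd;

    location / {
        # Forward authenticated requests to the loopback-only node.
        proxy_pass         http://127.0.0.1:9200;
        proxy_http_version 1.1;
        proxy_set_header   Host $host;
        proxy_set_header   X-Forwarded-For $remote_addr;
        proxy_set_header   X-Forwarded-Proto https;
    }
}
```

A request without credentials to `https://search.example.org/` should return 401 from nginx, and port 9200 should refuse connections from any other host.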
Agree, I think after using it in a professional context I can say it scares me to think about running it on a heavily trafficked site, but it is amazing and easy to set up for hobby stuff and even small side projects. I've replaced it recently with Postgres FTS though (https://www.postgresql.org/docs/current/textsearch.html)
1. Lack of ability to search indexes by relevance OR date
2. the highlighting function randomly returning no values despite a hit
3. lack of ability to define relevance by word positions - searching for "red dog" returns "the sky is red, i love my dog" and "red dog" as the same score. RUM indexes helped, but did not fix #1