Nextcloud suffers from a bloated PHP codebase and lacks first-class support for end-to-end encryption and 2FA (though it does have native FIDO2 passwordless). The thing is, it's the only option for a self-hosted centralized cloud server with decent clients on the main platforms.
I'm not going to enumerate all the risks associated with self-hosting, but unless you use E2EE, your data will always be at risk. Server-side encryption doesn't do much, especially with the default master key mode where the encryption key sits on the drive right next to your "encrypted" data. Disabling it in favor of user key mode makes it a bit better, but the key to decrypt your data is in the server's memory once a client connects to your account.
All in all, E2EE should be preferred, but as I said, it lacks first-class support despite being advertised as a huge feature on their website. It wasn't usable until recently and there are still many quirks.
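The difference between the master key and user key modes described above can be seen in a small model. This is an added example, not Nextcloud's code: the file names, the toy cipher and the PBKDF2 password wrapping are assumptions chosen to mirror the description, with a constructed sample document.

```python
import hashlib, hmac, os

def _xor_stream(key, nonce, data):
    # Toy SHA-256 counter-mode keystream standing in for a real cipher (illustration only).
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
        out += bytes(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def seal(key, plaintext):
    nonce = os.urandom(16)
    ct = _xor_stream(key, nonce, plaintext)
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + tag + ct

def unseal(key, blob):
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    # A wrong key fails the integrity check instead of yielding garbage.
    return _xor_stream(key, nonce, ct) if hmac.compare_digest(tag, expected) else None

def store_master_key_mode(plaintext):
    key = os.urandom(32)
    # Modelled drive contents (hypothetical names): the key is stored beside the ciphertext.
    return {"master.key": key, "file.enc": seal(key, plaintext)}

def store_user_key_mode(plaintext, password):
    key, salt = os.urandom(32), os.urandom(16)
    kek = hashlib.pbkdf2_hmac("sha256", password, salt, 100_000)
    # Only a password-wrapped copy of the key reaches the drive.
    return {"salt": salt, "user.key.wrapped": seal(kek, key), "file.enc": seal(key, plaintext)}

def read_from_drive_copy(disk):
    # What a copy of the drive alone yields, with no password and no running server.
    key = disk.get("master.key")
    return unseal(key, disk["file.enc"]) if key else None

def server_after_login(disk, password):
    # User key mode: on login the server unwraps the key, which then sits in its memory.
    kek = hashlib.pbkdf2_hmac("sha256", password, disk["salt"], 100_000)
    key_in_memory = unseal(kek, disk["user.key.wrapped"])
    return unseal(key_in_memory, disk["file.enc"]) if key_in_memory else None

if __name__ == "__main__":
    doc = b"constructed sample document"
    print(read_from_drive_copy(store_master_key_mode(doc)))
    print(read_from_drive_copy(store_user_key_mode(doc, b"constructed-password")))
```

In the model, a copy of the drive is enough to read the file in master key mode, while user key mode protects data at rest but still hands the plaintext to the server once the user logs in, which is the gap E2EE closes.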