Especially since doing that will let you Federate through compromised comments, and possibly affect other instances using the Federation network, unless they're updated.
Yes. They got hacked. An admin account got compromised, and the hackers exploited a bug in Lemmy-UI (the web site) that let them do things like redirect users to another site that let them run Javscript. It seems to have let them collect some user tokens from accounts, and access an admin account that way.
Others did get hacked, or are vulnerable to it, but aren't big enough targets?
Beehaw is closed, so they would have had to have an existing account to exploit the same bug (or go through something like Kbin), and Lemmy.world is the biggest Lemmy instance.
No. The existing Lemmy-Lite that was advertised on join-Lemmy.org appears to be massively out of date, and no longer actively maintained.
It was a bug with Lemmy-UI, so you might be able to get away using an app or site that isn't vulnerable. Whether that is Wefwef, one of the apps, like Jerboa, or something that is Federated, but not Lemmy, like Kbin, or Mastodon (things might be a bit clunky if you do, since Lemmy threads aren't well handled by Mastodon).
That sounds like a horrid decision. Imagine having to troubleshoot a relative's computer, which isn't working because their internet is down, or is too slow to support streaming Windows like that.
It just sounds like a nightmare all-round, both from a Microsoft Standpoint, since they would have to build all the hardware to support it, people who would have to troubleshoot an issue that might show up on either the local or networked version of Windows, but not both, and from a security standpoint, since it seems like it would make it a lot easier to just hijack the whole computer using that kind of mechanism, with the user being none the wiser, for the most part.
Although you have to wonder how much advertisers would actually pony up if most of the Reddit users weren't actual users at all. They want people to do the clicking, and if the users are all bots, they're likely not going to bother wasting their money at that point.