I wouldn't run a node at home though (I don't want my ISP knowing that I am using Bitcoin, which they will know, even if I am using Tor), I would instead use a VPS.
But a VPS node is not under your physical control. How do you know it is not compromised, and that it is actually enforcing rules correctly? There is too much trust involved there. You also cannot use this node to transact unless you store your private keys on a foreign VPS controlled by a third party. That seems insane. That means the only value it provides is to bootstrap new nodes -- assuming your node is actually operating honestly.
Unless you a) have personally compiled Bitcoin Core and b) understand what the code means, then you do not really know your node is enforcing the rules correctly.
If you are using a VPS to run a node then yes, you are risking that the node is compromised; however, anyone with physical access to your VPS will not know who you are nor how much money you have, so they do not know what they have to gain by compromising your VPS. You can somewhat mitigate the risk of your VPS being compromised by running two (or more) nodes in distinct locations hosted by distinct hosts.
If you are running a full node from your home, then you will need to personally stay with your full node 24/7 to know with 100% certainty that your node is not compromised. If you ever leave your house to go to the grocery store or to go to work (or for any other reason), then there is a chance that someone could break into your house and somehow infect the machine that is running your full node with some kind of malware.
Running a full node from your home will also reduce your privacy because your ISP (as well as your VPN provider, if applicable, and your Tor entry guard, if applicable) will know that you are running bitcoind. Your ISP will know this even if you are running your full node exclusively behind Tor because there will be a burst of data received -- and possibly sent if you are relaying blocks -- every time a new block is found, so all your ISP will need to do is listen to the network and check for bursts of Tor traffic every time a new block is found. If you are not using a VPN then your ISP can launch a Sybil attack to get a general idea as to how much bitcoin you have. Even if your ISP cannot deduce how much bitcoin you have, they know who you are and where you live, and from that information they can deduce estimated income and affluence levels.
If you are known to use Bitcoin and have high income/affluence levels then an attacker might decide that your house is a better-than-average target to break into in an attempt to steal your private keys. Even if your private keys are encrypted and stored in a safe, an attacker can use physical threat of harm to entice you to give up your private keys.
You are giving up a very little bit of security by running a node via a VPS; however, you will be an unknown target. On the other hand, running a node from your home gives up some privacy and has its own security risks, and the potential appeal of attacking you would be known.