I think I'll get bitcoin core to connect via VPN, it's much simpler. If I connect via VPN, does it still compromise my privacy?
VPN masks your location but your VPN provider would still be able to see your traffic. They can keep logs on what and who you're connecting to as well as seeing the data being transferred from your node and could determine which transactions belongs to you and your habits. Tor, when done right is the best for privacy.
I want to help others, but not at the expense of privacy and security, so should I UNCHECK "allow incoming connections" while using VPN?
You won't risk security or privacy when allowing inbound connections. The main risks arises when you're using Tor, allowing inbound connections and if some nodes connect to you through your clearnet. If you want to avoid this from happening, either bind the IP to 127.0.0.1 or disable it completely which is the default behavior for proxied Bitcoin Core.
Anyhow, my take on Bitcoin Core is that running one primarily benefits yourself. Yes, you will benefit the network as a whole but if privacy is more important to you, you could look at Wasabi wallet which streamlines the process for their users by implementing coinjoin as well.