Canister security

With Enable Canisters to Hold ICP and Direct Integration with Bitcoin, canister’s security is becoming more and more important. I think a lot of measures are being taken. For example, Security Sandboxing seems to be almost complete, and it is possible to prevent jailbreaks of wasm with side-channel attack.
My understanding is that there are two more problems with canister.

  1. DoS attacks that exploit the reverse-gas model
  2. Rug pull by developers rewriting the code because it is an upgradable smart contract

As for 2. ,it might depends on team and developers, but not trustless if so. It can be made immutable with a mechanism like blackhole, but I think it would be a shame to abandon its strengths as mutable contracts.

What measures are being taken for the above two points?