I want to host an SVN server (or git or mercurial or whatever). I have two options:
1. Install it on a small box sitting in the office closet, only connected to the LAN.
2. Install it on a server at a data center in another state that has a publicly accessible IP address and currently hosts a public-facing website.
My concern with #1 is the only way people can connect from outside the office is to VPN, but this is the ONLY point of VPN in my office right now... so it seems heavy duty. Also, if the office catches fire or someone decides to steal the box from the closet, well... the server is gone. Which means I will have to keep backups somewhere anyway...
My concern with #2 is that having the source code on a public-facing server means that theoretically, someone can gain access to the server and steal the code. The fact that there is already a public-facing service being run on it worries me even more, since there could be an exploit for that software discovered.
How do most companies manage their source control servers and backups securely?