address – The security of the Bitcoin Core portfolio

When running a Bitcoin node at the enterprise level, many addresses will be generated with the `getnewaddress` RPC for users to send their funds to. As far as I know, these addresses, as well as their private keys, are all stored somewhere in the datadir. The entire key tree, as well as the starting key, can be flushed via RPC. Are there rules of thumb to protect these keys against unauthorized filing? Are there scalability issues because too many keys are stored in Bitcoin Core? Are there any other rules based on private keys and the company?