I thought that many might disagree on a few of these tips but this is, in the end, my personal opinion.
I am sure all of these have exceptions and I’m sure I have missed something important. I would just suggest that you should have a strong enough reason for your approach and good enough understanding of what the implications of your design might be.
About point 7:
I still strongly stand by my suggestion that you must at least first TRY to change your approach. Problems, in my humble experience, have multiple solutions and usually at least one can be done in blueprint 
You will not believe how many projects end up with memory leaks, critical bugs and delays because someone did not see the obvious solution and “hacked” his way through the engine.
I would go so far as intentionally avoid writing C++ code until I have a working prototype and then try to identify the parts of the game where I want C++. With experience you can start making those decisions on the spot but I still do prototypes in BP only.
As for security - You can have fully exposed client and still maintain reasonable level of security on your server with or without VM. It again boils down to designing your systems.