In terms of website performance our underlying technology can easily scale.  The primary database that powers steemit is the C++ code that runs the blockchain. This database is trivially replicated and kept in sync across the globe. (The power of blockchains).  The internals are based upon the graphene code which is about as efficient as any database can be.  I see no problem with scaling our database or our front end assuming we have steady / predictable growth.  

In terms of security, it is something we take very seriously. It is also something that is very difficult. Overall, our security is built on better fundamentals than most other blockchains for the following reasons:

1. 99% of the value is time-locked and secured by owner keys
2. 99% of activity is done with posting keys which don't have access to spend funds
3. Keys never get sent to the server

In the event our server is compromised, only users who load compromised HTML from our server are vulnerable. If this were to happen then most users would only have their posting key compromised.  Fortunately, this does not compromise their funds.  Some smaller set of users who login to do financial transactions with their active key could have it compromised as well. 

In the long run, the best security will take the form of a browser plugin that manages your keys and prevents Steemit.com from swaping out the JavaScript that loads your keys and signs messages.

We are taking measures to deploy watchdog bots that automatically detect changes in the deployed HTML and alert us to changes. 

Nothing is perfect, but in terms of performance, scalability, and security I am sure our team is up to the task.