We should mention at least - using isolation (separate containers, VMs, ...), - not running scrapers next to mission critical software, - websites being scraped are untrusted input, - browsers (via playwright) execute untrusted code, which means that they are essentially giant security holes.
We should mention at least