Best Practices for MU/BuddyPress Sites?

I’m new to WordPress.

My first project is a Multiuser/BuddyPress site. I’ve been very impressed with how easy it’s been to set up as well as the resources from this site. However I’m concerned that I’m about to start hosting blogs for people on a platform I have very little experience with as a user.

Would love to hear best practices from others regarding how you’re:

– Keeping your multiuser site safe and secure

– Keeping malicious users off

– Providing value add to your users

– Providing users plugins and templates

– How you’re monetizing plugins and templates (what your offer, charge, etc)

Specific Questions:

One core need I have is to let bbPress users upload/download files. How are you scanning uploads for virus/malware to keep end users (and the server) safe? My environment is a VPS running CentOS/cPanel.

There is a popular (non-WPMU Dev) Premium Theme Framework that I’ve been told my future users would like. It appears their licensing will allow me to distribute it on a multiuser site (and I think monetize it). Is there any reason why I wouldn’t want to do this (other then paying for it)? Are other MU sites doing this?

Am I asking for problems if I provide users access to popular free plugins and templates from WordPress.org? I want to provide the kind of resources that I myself would like to use but when I see how locked down WordPress.com’s environment is (no plugins, etc) I’m concerned that I might be asking for trouble.

Thanks in advance for your advice.

Sid