In terms of security, Magento’s open-source approach is crucial. The open-source version brings with it a lot of freedom for creative adaptation of the platform, but also a certain degree of vulnerability. Cybercriminals have an easier game when it comes to exploiting discovered vulnerabilities in the code, particularly in extensions. Uncovering security problems in Shopify’s source code and using it to infiltrate malware and the like, on the other hand, is much more difficult. Furthermore, Shopify has set up its own team to guarantee the security of its hosted stores. Like Magento’s paid editions, Shopify also ensures PCI-DSS (Payment Card Industry Data Security Standard) compliance for all card payments.
The comprehensive support for all Shopify stores also has a positive effect in terms of maintenance. The provider ensures that the underlying hardware works and also takes care of updating the software if necessary. As a user of Magento Open Source and Magento Commerce, these two points fall within your area of responsibility, unless you have chosen a hosting provider to take care of the maintenance.