If you want to risk your user base getting screwed with malicious code injected into your project by a person who administrates those services, then sure, this is a great idea.
One isn't more secured by default with a virtual machine on a cloud that with a shared hosted site. There's no more reasons to trust Google/AWS/whatever admins, than there's to trust Scaleway (or any other company you want) ones. And it's not because you installed the OS yourself that they'll not have an access to it if they really want ; especially with a VM on cloud solution.
In the same time, since it's someone who have near to no knowledge that will have to administrate the server, it will be less secured. Firstly because even if he believe the opposite, he will not know what he's doing. Secondly because he'll never dedicate enough time to check advisories and patch his system. Thirdly because he'll not have the starts of a clue regarding how to react in case of suspicious behavior ; anyway he will not even detect when there's a suspicious behavior.
Otherwise, this is a serious security issue, because you don't have full control over the files you upload, and they can be replaced with anything and you wouldn't even know the source of the problem.
Talking about serious security issues:
Connect to it using SSH (or through the browser directly if your provider supports it, GC and AWS for sure does)
As if TLS was flaws free and a HTTPS connection as secured as a SSH tunnel...
But this being said, you also have no control over the player connection, what make most of your preventive moves useless. If you effectively care about the integrity of your updates, it's client side that it apply.
VM costs around 4-7$ per month if you get the cheapest one, so it is not that bad.
And you can get shared hosting for the same price... with the peace of mind in top of this since you don't have to fear that you left a big hole in your system. So, your point is ?
