I’m in agreement, with one assumption: traffic obfuscation.
Encrypted transit alone won’t be sufficient when state and corporate actors are specifically targeting SAFE. It’s also possible that encryption, or certain forms of it, could be made illegal and ports detected using it are simply terminated.
IMHO it will become very important for SAFE’s traffic to be indistinguishable from generic clearnet traffic. For example, encoding SAFE’s traffic as ordinary web requests and mmo game data. Assuming that, unstoppability is within reach.
Even better than a big lock is invisibility.