Yeah hager KNX devices are pretty shitty. You need to seither usw rigid copper wires or use a really small screw driver to open the clamp that holds the wires in place. I wouldn’t recommend Hager KNX devices to anyone. They are more expensive and have less functionality than I.e. MDT devices.
I have 10y of KNX experience and have never seen a case of KNX hacking. Potentially its possible either by forwarded ports or if you have devices outside your home (someone could remove a presence detector and reprogram devices potentially… Will never happen IRL)
Homeservers could also be hacked if you forward its ports to the internet.
If you only use VPN to connect to your otherwise closed network, I don’t see a way how someone hacks your system.
If someone IS inside yoye system and has a lot of spare time, they might set a BAU password, but AFAIK you could unload your devices even if a password is set.
Merten/SE Multi touch Pro are okay if you consider they also have a RoomTemperatureController (PI) integrated. Those are often times pretty expensive. The touch is a bit slow some times but you can load your custom symbols which is pretty cool IMO.
I wouldn’t recommend cyclically sending the status, because how often does the power supply go down? If you must, use a really high delay, half an hour or so. It might not be an issue at the start but KNX can support 50 telegrams per second max. If you have useless telegrams convoluting the traffic that can lead in larger installations to problems.
Regarding a LAMP (php?) or home assistant server.. I would highly recommend a more standardized solution, as in example the gira homeserver. (Either as a standalone version (futro 700/720/900/920) or as the virtualized version (hyper-v or VMware) as you can use many premade solutions by others or you can write own logic blocks in a simple py script. Its also much less volatile than some custom made solution which relies on communication between multiple protocols.