You can request to take over the existing package if it’s broken (-git packages tend to pull the latest version, so don’t fix it if it isn’t broken).
You are not expected to maintain it forever. However, you should make it a -git package if you do not intend to update it on every upstream release, so it stays up to date without changes to the PKGBUILD.
It depends on how important security is for that system and how devastating it would be if someone else got control over it and all accounts and devices connected to it.
Assuming there are successful exploits, it would be like running everything as root and disabling all sandbox/isolation features from the kernel and browsers. I’d say you should not connect such a machine to the internet.