1. In general, it is normal to have only nginx on one server, which proxies requests to many other servers.
2. Proxying can be done using the https protocol, to increase the security of data transfer between servers.
If the server is hacked, not only can the data be intercepted, but it can also be used to give visitors their own forms to enter the same bank cards. So use stable versions of software on the server, keep up to date, disable root, and log in with a certificate instead of a password.