Homebrew applications work better on non-SX OS based CFW such as
ReiNX and
Atmosphere.
Restoring a clean hack-free NAND backup made in Hekate is the safest way to use a hacked Switch online as long as you remain offline with all of your hacks. The issue here is one, you will need to constantly make new NAND backups every time you return offline because you cannot restore the same NAND backup twice (for obvious reasons) and two, any content saved into the NAND will be lost upon the restoration. This includes games, updates/DLC, and save data.
For blocking telemetry, the only other ways are manually blocking the Nintendo URLs yourself (see
here for a list) or deleting Wi-Fi settings and enabling Airplane Mode (deleting Wi-Fi settings is more important as Airplane Mode can get disabled when switching between docked/handheld/sleep modes).
And as for your last question, its pure luck much like people getting banned in the first place.