The math on whether you should DIY versus paying for managed APIs really depends on your actual scale and how much your team can handle operationally. Those 100/500k page thresholds are solid ballpark figures, but honestly the real tipping point where self-hosting gets cheaper usually lands somewhere between 50k and 100k - depends on your DevOps chops and how messy your pipeline gets. On the validation side, yeah, spending $300+ to catch LLM injection attacks sounds about right, but it's kind of the conservative take, in practice, you can often get by with simpler stuff like regex pattern-matching plus spot-checking samples. Here's the thing that caught my attention tho - clean, well-structured HTML actually beats plain Markdown when you pair it with solid LLMs, which means that whole never touch HTML rule deserves some wiggle room. It's more like don't embed raw HTML in production RAG usually - downstream re-ranking models are actually pretty good at filtering the noise anyway