Hmm, I think disabling the auto updater of WordPress itself is probably a good decision. But updating through Softaculous is generally very safe. Are you sure that disabling the automatic upgrades from Softaculous is necessary? Because if that uses the same mechanism as the manual update through Softaculous, I think it’s safe to enable that.
One concern though is that the Softaculous catalog on free hosting isn’t always up to date with the catalog from Softaculous itself. So never updating WordPress by hand may result in websites with known security vulnerabilities not being updated.
According to the documentation, it’s also possible to set the update options to 'minor', which means that only security and maintenance updates are done automatically. I personally primarily see the corrupted site when WordPress does a bigger release, not on security updates. Security updates tend to be smaller, so they may be safe enough to do automatically.
I would normally apply the update(s) (themes/plugins/WP update) 1 or 2 weeks after every release. This is to ensure that all kinks are sorted out. I had a few bad experiences where plugins/themes updated immediately would cause the hosting account to be suspended “due to abuse”. I am playing it safe by using this same principle for this case. This will be at the expense of security.
Yup, had noticed this issue as well. Updated WP via FTP on quite a few occasions as well.