My startup company, https://LeastAuthority.com, uses Twisted Web for the public-facing web server and the customer signup server. We chose it for security. Even though we like nginx and use nginx for other purposes (e.g. https://tahoe-lafs.org), we think the Twisted codebase is less likely to harbor exploitable bugs, in part because it is written in Python instead of C, and in part because it has fewer features. Also, because the Twisted development process seems likely to limit the rate of dangerous bugs being added in new releases. On the topic of reliability, the way we use it is just to start it with a cronjob when the server boots up. The Twisted Web process has never yet died of its own accord, and if it ever did we would manually restart it, and investigate in the attempt to ascertain what had happened, rather than just automatically restart it. Oh, there are some potential security problems, too, with Twisted Web! In its default configuration it offers to use single-DES for encryption, which is a bad idea even though it isn't clear (to me) whether an attacker could take advantage of that. http://twistedmatrix.com/trac/ticket/5514 It also has compression turned on, apparently, which could lead to a vulnerability in very specific circumstances (called "CRIME"), and it by default supports RC4, which has recently been condemned by cryptographers as potentially unsafe. Also, it does not, at least with default configuration, support forward secrecy. Here's a report from ssllabs.com about the settings of https://LeastAuthority.com: https://www.ssllabs.com/ssltest/analyze.html?d=https%3A%2F%2Fleastauthority.... Although I would like to see those things improved (I would like for the report to look more like this: https://www.ssllabs.com/ssltest/analyze.html?d=https%3A%2F%2Fzooko.com , which is an nginx installation), none of them are as important to us as reducing the chance that an attacker could exploit a bug in the software to gain access to the server. Regards, Zooko