At a high level overview, Hype's HTML5 output results in a pretty vanilla web page, so nearly all questions asked about Hype-made e-cards apply about the same to web pages/sites in general.
Web pages are constructed by downloading individual files. Web browsers allow for viewing the source HTML and all requested files. Therefore it is trivially easy on normal web pages for someone to download and repost or simply link to your assets. This is how the web has been since it was created, and how it exists today. Overall this is feature of the web, not a bug. This is a problem nearly every creator thinks about, and yet at the end of the day 99.999% of them come to the conclusion it is not worth worrying about.
About all you can do is obfuscate things to make it harder for folks to get at data. This also usually make building your own content harder to produce. Ultimately if a computer needs to know how to build a webpage, then adversaries can ultimately do the same thing and copy your content. There's always even lower tech solutions that can be employed to copy your content like screenshots or even camera photos ("the analog hole").
It is usually not worth worrying about because:
- The web is vast and there's tons of other content to copy
- There's very few bad actors in the world who would copy your content for their own gain
- The damage value to stealing your content is often very low. Your site continues to work no matter what they do. Copyright violation is not theft in the sense that your content is gone. It is likely that the violators have a much smaller following so it won't hurt your reputation.
There are non-technological solutions to deal with this instead, such as takedown notices and copyright lawsuits. You can also shame folks on twitter, if need be (and you have reached out to them privately first).
All that said, many e-cards do not use any interactive elements at all. If your e-card plays more like a video, then you may want to consider using a video format or animated GIF instead. In Hype, see the File > Export as Movie menu for the options here. This means you can share an individual file, and extracting individual elements is basically not possible unless someone takes the time to mask out backgrounds and such. As an individual file instead of a webpage, concerns like where to host or keeping your servers free of malicious code become much less of concerns.
But to answer the other two questions, going an HTML route:
A lot of e-cards are sent by email with a link to the interactive page. This would be hosted on your web server.
It is responsible to think about this question.
Most competent web hosting companies run scans on hosted content to help make sure that stuff hasn't been injected into the page. Generally if you are just posting static HTML content and assets you don't need to worry about your content being attacked. There's of course tons to this topic and tons of different attacks and threats, but probably not worth worrying about at your scope.
If you're more curious about the topic, ultimately I recommend taking courses about the fundamentals on underlying web technology and computer security.
Ultimately though we get questions like this frequently and I believe that often the concern overrides the threat potential. It is better to focus on making great stuff .