Let's review this thread ...
it begins with
"I could try to increase php_max_input_vars but I've read elsewhere that doing so could included security risks, which I'd like to avoid."
Initial response informed max_input_vars setting was a per directory ... can could be applied via .htaccess in the directory where you want the value to increase or via php.ini in directory where you want that value to increase.
I assumed you were concerned about security risks ... and tried to link to things related to 'security risks' which was a poor attempt to say ... 'everything has an element of risk' on port 80 these days.
But ... moodle security is pretty good ... moodledata should be well protected ... only php scripts from moodle code related to backups/restores would have access (unless you as the administrator of that server have done something to allow.
Look down the list ... note the version of Moodle and see if any involve (specifically) max_input-vars and moodledata or just moodledata
note that is for 3.3 ... and from eveything one can read about reasons for security breaches and how to prevent them, think you'll find that the #1 recommendation is to always keep software up to date.
Administration of your server is up to you ... the method by which you address those security concerns is up to you also ... that's really the bottom line. ;)
'spirit of sharing', Ken