I was going to run two nodes and had setup the addrindex patched node to run on a VM. Due to some disk constraints (speed, capacity) I ended up deciding I would just run the patched addrindex node and use whitebind and whitelist in my bitcoin.conf so nobody but I can connect. You raised a point about vulnerabilities. Do you think the addrindex node is protected if I use whitebind and whitelist?
You have to connect to the outside world somehow... you could run your gateway node with pruning, then it would only use about 3GB space or so.
Also, what about the incorrect results you saw? What did you see and was it from this version: bitcoin-0.13.2-addrindex?
Querying it on an address wihch had funds returned no results. The addrindex code there was written by Pieter as a quick lark, before he realized it was a bad idea and abandoned it. Other people picked it up and patched it forward but made no effort to improve it or investigate the issues I encountered with it.
Generally it's my expectation that anyone who uses something like addrindex is eventually going to be forced to us a centralized service provider like blockchain.info once the resource costs of an unpruned address indexed full node is beyond what they can support. (The fact that you struggled with running two nodes suggests that you're within a factor of two of that already).