Configuration: StaticRootPath vs CustomPath and their data directories

I’m doing my first packaging steps - so, bear with me.

I wonder about the STATIC_ROOT_PATH key (or setting.StaticRootPath).
Q: What is the propose of that directory?
As my understanding is, that the gitea binary file have all the assets already included. I’m saying this because I see people packaging such directory with the content (dirs) options, public, templates of the sources, that bloats it with more then 45MiB of data. My current layout looks like this


with the config

LDFLAGS="-X \"{_sysconfdir}/%{name}\" \
         -X \"{_sysconfdir}/%{name}/conf/app.ini\" \
         -X \"{_sharedstatedir}/%{name}\" \
	 -X \"main.Version=%{full_version}\"" \
make build

and the application works as expected (without the above mentioned data). As I’m not setting the STATIC_ROOT_PATH / StaticRootPath key, it defaults to AppWorkPath. In this case resolves to /var/lib/gitea.

All that said; Q: how does this StaticRootPath relates to CustomPath key?
My understanding regards this is, that CustomPath should have such directories (options, public, templates) for individual configuration but Q: just with a selected amount of files, right?

Last one; the config file defaults to {CustomPath}/conf/app.ini albeit I configured it exactly that way with CustomConf but I wonder Q: If I should put the config file outside of CustomPath as a measure to prevent access to it by path traversals access (even when the code prevent it (not validated), just as a best practice).

Thanks in advance!