How safe is it to let customers pass on some data ...
# suitescript
k
How safe is it to let customers pass on some data from a suitelet, from a data security perspective? Is it a good practice?
s
I'm not sure I follow what you mean by 'pass on some data'?
k
We need customers to send us some logistics information before creating item fulfillment records. We are thinking of using a Suitelet to let them send that information. I was wondering if it is a safe practice to expose Suitelets to customers.
s
If those customers log into NetSuite first, I wouldn't have a problem with it. However, I do try to avoid Suitelets that don't require login unless there is no other choice.
k
That means an individual license for customers, right, to let them log in?
e
Yes, for stalbert's recommendation you would need a licence per person. You can also use a RESTlet with one login. How many people will be submitting data at a time? Also, a RESTlet will be secure.
k
I think it will be one person per customer, submitting the data. However, how is a restlet going to help me, if I want a form to be filled out by them?
e
A RESTlet, if you can create the form outside of NetSuite.
Do you need to know who is submitting the data for auditing purposes?
If you have to use a Suitelet (without a login) you can encrypt the data and the Suitelet URL to add a layer of security.
e
I would advise against going the route of having a Suitelet available without login. It can become an attack vector, especially since you're looking to receive data from the Suitelet. When it's available without login, authentication is not required at all. You'll need to integrate authentication security, session management, user authentication management, etc. Not only that, Suitelets execute using your SuiteCloud processors. What will prevent those attacks from bogging down the rest of your SuiteCloud processors, since you won't have control over the firewalls, routes, gateways or edge security to mitigate and/or prevent any of those?
k
Right! What would be the route that you would take in this case?
@ERP Guy it would be great if we could get the info of who is submitting the data, but not required