Hiawatha is my preferred webserver both in terms of performance and security, but I shy away from using it professionally, and tell myself that I’m doing it to avoid the lock-in of relying on a project run by a single developer, but suspect that I am just a victim of herd mentality :/
If you have not heard about Hiawatha, its main features are simplicity and security. It is simple to configure, protects against SQL injection, XSS and CSRF attacks, bans potential hackers and limits the runtime of CGI applications.
For a full review of Hiawatha, I recommend this one by Chris Wadge.