Well plenty of people seem to be doing so. I guess it depends on the specific use-case.
The downsides of Dashboard are well documented. Mainly that it is a very large app that has to be loaded and that the very same structures that make it so easy to get going with Dashboard can, sometimes, end up being too restrictive.
That was the reason I designed and built uibuilder.
It would be great to have something in the middle of course and some people have started work on such tools. I've also some ideas that will, if they work out, will let you have widgets (probably VueJS based) that work with uibuilder giving you something easier to work with while maintaining the kind of flexibility that you might need for building secure UI's for specific commercial use.
Of course, you also need to think about security and risk when selling commercial systems. Thankfully, Node-RED is now pretty battle tested and some organisations have done security testing on it - though nothing publicly available unfortunately.
You've hit a specific issue which is unfortunate. There are a couple of choices right now:
- Contribute a change to Dashboard to enable multi-user authentication and authorisation.
- Use uibuilder or similar - possibly contributing (or not) some widgets