I think if you're worried about having a large unvetted attack surface, simply releasing it en masse to beta testers won't usually result in a very secure product. Sure, you'll get some bugs closed but plenty others will simply get ignored or worked around or worse reserved by bad actors for when it's live. It only really makes sense to release something like that to a wide audience after you feel like you've made a solid first attempt.