Security Considerations/Risks/Best Practices for Enabling CLR Integration (Assemblies) for SSIS Catalog

The major pre-requisite in utilizing SSIS Catalog is enabling CLR Integration. The instance in question is running SQL Server 2014. I'm looking for feedback and resources I can mine which specifically covers best practices and security considerations for enabling CLR Integration on SQL Server 2014. As I understand it, there are some peculiar differences with CLR Integration and the nature of safe vs unsafe assemblies between older version of SQL Server up to the latest and greatest versions. For example, SQL Server 2017+ has a feature called CLR Strict Security, which my 2014 instance does not. What is the default permission set to for assemblies on SQL Server 2014? The primary goal is to employ SSIS Catalog and be sure to follow proper procedure to reduce security risk. Are assemblies solely for the deployment of projects to SSIS Catalog marked as safe? Are there any assemblies for SSIS Catalog I have to keep an eye on which will be unsigned and, thus, not necessarily trusted? Secondarily, I may want to push data via API calls from SSIS packages and that, too, would require CLR Integration and doing so gives me pause on how and where assemblies are set to safe/unsafe, trustworthy vs asymmetric key. It sounds like calling an API from a SSIS package would be considered unmanaged code and, thus, would have to be marked with unsafe or external_access and need a cert/key. But the main thing is, before I make use of SSIS Catalog on a SQL Server 2014 instance, I just want to understand and be aware of any security pitfalls before I embark on it and enable CLR Integration.