Ruby on rails is good if you want to follow their convention. It is designed for convention over configuration. I think it covers 80% of web development use cases. If you’re going to do heavy customization, do every configuration by yourself, like programming over configuration, microservice, and advance ORM ruby on rails is not your answer.
Ruby On Rails is best used for creating an online application by following their configuration. They already do many heavy things for you. You have to be concerned about the functions you want to deliver to the market. Rails already do other heavy parts for you.
If you write code following their document, it is hard for an attacker to attack your system. For example, if you pass params properly to ActiveRecord, they already protect you from SQL injection attacks.
Ruby On Rails helps you optimize performance even though it is a dynamic language. For example, They can help you eliminate n + 1 with ActiveRecord. since Ruby on Rails’s community is quite solid, there is rubocop-performance gem that enables you to fix code that can run with a bad performance.
Ruby On Rails has a solid web community, and there is no boiler boilerplate; it’s convention over configuration. With devise gem, you can set up a project and implement a login page in less than an hour.
If you want to start a project with ruby on rails, I suggest you have to follow Rails document strickly. Ruby on Rails doesn’t fit you if you want to customize everything. It can be excruciating if you’re doing something out of a box with Rails. Even something seems simple, like serverless.