Best practices for auxiliary services and .env

I've been running my services for a few years now and everything has been working great. However, when I originally set things up I was quite new to Docker. I've tinkered and added lots over the years, but am aware that I may not have things implemented the best way. I've been putting off getting things sorted, but want to get it all done properly. Any advice would be appreciated! I am keen to implement some 'best practices' and generally tidy things up.

My main question: for containers that require auxiliary services (databases or caches like redis etc.), do you use an instance of that service for each container (currently my setup), or do you run one instance and have multiple containers connect (one main database/cache that multiple containers use)? I don't want to create a bottleneck, but it would be nice to cut down on the number of containers running if possible.

I'm not pushing any of my Docker Compose files to GitHub or anywhere off of my LAN, so is there any need to use a .env file to protect sensitive info like database passwords etc.? If this is something that I should do, I understand that not all images support the use of env. Is there a better implementation? What are you guys using?

In terms of backing up, I generally don't use volumes. I use one config folder which everything is mapped into, and I back this up along with my compose files. Should I switch to volumes? Is there a benefit, or is the mapping method OK?