HEX is not a security. There aren't actually any coins, they're just numbers in a distributed database. No one is actually given anything. People can execute the code they choose, on their own, that changes some numbers in a counter. The code that edits some database values should only be modifiable by valid key holders who've signed a cryptographic message. Other code can be run by anyone if they like.
There is no common enterprise, there shall be no expectation of efforts of a promoter or third party. There is no expectation of profit from the work of others. People pay the Ethereum network to execute computations of their choosing, on their own. There is only an immutable compiled bytecode sitting on the Ethereum network. It can't be changed. They're just numbers living on the Internet. The code can do nothing on its own. People can run the code if they want to, or not. The code can do nothing on its own but sit there.
Users generate their own keys, no one else has keys to give them. Bonuses don't actually take anyone else's database values, they just add or subtract more or less database values based on the system state.
If you can, learn to code; or have the smartest coder or computer scientist you can find read over the code you plan to execute. The origin address gets the same bonuses you do except interest. Base claims are not a bonus. Bugs and edge cases do happen, and it's unfortunate when a program does something you didn't think it would do, or perhaps didn't want it to do.
Blockchains, Smart contracts, and Cryptocurrencies, Are all cutting edge technologies, and as such, there is a risk, however small, of total failure. Software is hard. Computers are hard. Distributed software on distributed computers is harder. It's a miracle this stuff works at all. Strong cryptography seems unlikely to be broken, but if it is, everything will probably be broken.