SEO Effects of a Blog on a Separate .us Domain

Hello, my website is currently in development and I would like to have an excellent easy-to-use blog. I'm not an expert in technology, so I want to use a WordPress site for the blog. From what I know about SEO, the blog must live under my top-level domain in a subdirectory to get all the benefits of SEO. If my website is goliathvs.com, I should have the blog on goliathvs.com/blog or blog.goliathvs.com and not have the blog on goliathvs.us. This seems obvious.

However, my developer says that adding a WordPress site to my top-level domain will present significant security vulnerabilities and add too much stress to our server. My question is, how necessary is it for the blog to live under my high-level domain for SEO? Is it useless to use resources in a blog in goliathvs.us if my real business is in goliathvs.com? Also, is a .us domain a bad idea in general?

I'm in college working hard, trying to start an online business (not really goliathvs.com) and I do not have the money to hire an SEO consultant. So any help is much, much, much appreciated! Thank you.