Since sys-net is an HVM with PCI access, I see it as one of the weakest links in terms of security. A member of the Qubes Team seems to agree with me in the linked thread. I’d recommend creating another sys-usb for all other usb devices not involved in networking.