Utility of installing Kicksecure in disposable sys-* qubes?

I’m interested in whether there is any utility in runnning kicksecure in sys-* minimal debian qubes that are disposable (I suppose minimal in that context is oxymoronic :smiley: )

As I know there is no private storage and each boot of disposable sys-* qubes is essentially fresh from the template, is there any value in implementing this setup? Obviously disposability removes the conceivable vector for persistence, but would kicksecure features help prevent compromise during use? And if it could, what would the implication be in terms of adding code & risk to the sys vm?

Has anyone tried it, or are there any other hardening tips for sys-* qubes?

I’ve seen it referenced here:

At time of writing, Kicksecure ™ is untested in Qubes service VMs such as sys-net , sys-firewall , sys-usb .