Utility of installing Kicksecure in disposable sys-* qubes?

I’m interested in whether there is any utility in runnning kicksecure in sys-* minimal debian qubes that are disposable (I suppose minimal in that context is oxymoronic )

As I know there is no private storage and each boot of disposable sys-* qubes is essentially fresh from the template, is there any value in implementing this setup? Obviously disposability removes the conceivable vector for persistence, but would kicksecure features help prevent compromise during use? And if it could, what would the implication be in terms of adding code & risk to the sys vm?

Has anyone tried it, or are there any other hardening tips for sys-* qubes?

I’ve seen it referenced here:

At time of writing, Kicksecure ™ is untested in Qubes service VMs such as sys-net , sys-firewall , sys-usb .

Thoughts?

I heard Whonix is based upon KickSecure, so then I wonder now that maybe we could just use an altered Whonix VM without the TOR gateway feature and just setup a sys-firewall and/or sys-net so then it would be the same thing as just upgrading a Debian VM to a Debian KickSecure, right?

I am unsure …
… which is why I am asking and resurrecting this stale topic entry by commenting on it