Am I the only one that has an issue with a VPN that I can't self host? Presumably if Tailscale get's PWN'd or subpoenaed then your network is breached no?
No, they don't have access to the Wireguard keys and everything is point-to-point. They'd have to push a backdoored software update to gain access (and this is a threat with any vendor product).
IIUC Tailscale controls key distribution, so you'd still have to trust them. However, it might still be possible to eliminate that need for trust by verifying peer connections out of band.