Phishing defence and account hygiene.
The biggest risk on Crown is a lookalike address, not the market itself.
Copy addresses from a signed source, never type them, and check against the captcha before you enter a password, every session. If a login ever asks for your recovery phrase, close the tab.
A fresh username, a unique password in a local manager, the recovery phrase on paper, and small on-market balances. PGP-by-default helps, but the address check is still yours to run.