The State of Things
If you're confused about anything here, or need additional help, see the Nintendo Homebrew discord.
Currently, there is no widely supported software-based exploit for the Switch on any firmware version above 4.1.0. Software-based access to CFW is in progress for 5.0.0 to 7.0.1, but is not finished yet. Notably, there is a hardware exploit that can be used to run CFW. However, only a Switch unit produced during or before July 2018 is likely to be able to use it. You can check your serial number to see if your console is vulnerable to the exploit. For a how-to on that and the rest of the process, see the Nintendo Homebrew server's Switch guide.
What's a hardware exploit?
It's some kind of flaw or bug in the hardware that can be taken advantage of. The exploit used here takes advantage of a bug in the Switch's NVIDIA Tegra processor (yes, you read that right). The Nintendo Switch has a hidden boot mode called RCM (Recovery Mode). This allows Nintendo to repair the device's software without having to take it apart. It's usually entered by using a physical piece of hardware called a "jig", which is a small piece of plastic with wire in it, but there are other methods (which won't be discussed here due to safety concerns). There's also Maintenance Mode, which end-users would access more often. RCM and Maintenance Mode are different. See the Switch Guide linked above for more information about what RCM is and how to get into it.
Normally, only Nintendo can use RCM to do anything. However, this recovery mode has a bug in it (on systems with the vulnerability) which allows us to run our own code (called a "payload", which is a fancy term for a data package) and thus boot CFW (custom firmware), recovery tools, or even other operating systems like Linux. The most common payload users run is Hekate.
Regardless, Atmos does support the addition of sigpatches, which are what enable installing unsigned packages to the home menu (and piracy), but this requires additional configuration to work. So, in essence, there's no real reason to use anything but Atmos. Also, Atmos has implemented emuNAND/emuMMC functionality, which makes using CFW on the Switch much safer. For additional support with emuMMC/Atmosphere setup, see the Nintendo Homebrew discord.
Additionally, we speculate that using low-impact functions on sysNAND, such as running the homebrew launcher through the album, is safe. However, your experience may vary. If you need additional advice about the information here, see the Nintendo Homebrew discord.
The problem with CFW is that the Switch has an awful lot of telemetry and logging, which it sends back to Nintendo, and Nintendo seems to have set up many systems to track hacked consoles. While in CFW, you should use airplane mode/90DNS to redirect the sending of these logs, but that's not a guaranteed solution, as the console may store some logs and send them the next time it is able. Atmosphere has made efforts to redirect and disable the logging modules, but nobody is quite sure if that's effective, and we don't know how much gets through, as we have no way to monitor it. The safer option at this time is using an emuNAND/emuMMC, which functions like a "second Switch" inside your Switch.
You can find a full explanation of how bans work on Switch (and how to avoid them) here.
This means that you can safely use hacks on your emuNAND/emuMMC (so long as you keep it offline), and use your sysNAND for online play or normal usage. By doing this, you can get the best of both worlds: hacks on your emuNAND, and online play on your sysNAND, without having to buy two Switches for it.