A few questions before I deploy this

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
import 'https://github.com/OpenZeppelin/openzeppelin-contracts/blob/release-v4.1/contracts/token/ERC20/ERC20.sol';

contract Sample is ERC20 {
    constructor() ERC20("Sample", "SAM") {
        _mint(msg.sender, 123456 * (10 ** uint256(decimals())));

A few concerns I have:
—Does this code look secure?

—Should the imported code version (0.8.0), the written code version (0.8.0), and the Remix compiler version (0.8.0) all be the same?

—Why does Max Total Supply show 0 in Etherscan? I’m using Ropsten.

Thank you.

Yes, but only look like. I think there is not a 100% secure code.

You does not use a fixed compiler version, you can use compiler version 0.8.0 and above. If you want to use a fixed compiler version, you should specify it, such as pragma solidity 0.8.0;

Maybe you deploy contract wrongly, when you deploy contracts by remix, you need to select the contracts manually rather than by default.