Running a private server for RO isn't illegal in the sense that you won't get in trouble unless you go public with it (i.e. advertising or allowing connections to it outside of your home network). How you handle donations is completely up to you. You can either go through the right channels and try to make everything legal, or you can do what 98% of server owners do and just keep all the money hidden under the table and not even worry about taxes. That all depends on your country of origin.
Things to protect yourself against are cheaters and DDoSers. Both of these can cause a disruption to your server and its players. Most digital hosts provide free or paid DDoS protection so that you don't have to worry too much about it. Protecting against cheaters is a different story altogether. There are many different cheats, from macros (autopot programs or keys), custom job sprites that reduce frames for animations, bot programs to autolevel, and, in my general opinion, GRFs that remove textures and replace them with modified textures to give players an unfair advantage in PVP/WOE.
If you want to avoid legal issues altogether with Gravity, don't use anything official by Gravity in your server: maps, classes, skills, headgears, monsters, etc., the whole nine yards. This includes their UI. So overall you'd need a custom client as well. While it is possible to do this, it would take extremely large amounts of time, money, and effort. You'd basically be paying to make a new game entirely, because rAthena's emulator is not the illegal part of running a private server. It's using Gravity's files in your server.