Well you can use it via ssh so you don't have to open it up to the Internet directly.

The same that OpenSSL had with thousands of eyeballs looking at its source code for decades.

Aka 0. Security is a theater for the amateurs.

The worst one is password based login it enables