@acdown87 I do agree with @dap35, there more you open to the outside world, the higher the risk.
Nevertheless, since you are running Hassio, if someone gained access to your frontend, they will be able to access your Hassio panel and therefore install all kinds of stuff (e.g. the Tor add-on, which would not even require port forwarding).
That said, if you want remote access to your configuration, you could install the “Configurator” add-on, which is in the core add-ons repository. Another option is the “IDE” add-on, which you can find here: Community Hass.io Add-on: IDE, based on Cloud9.