Yes, agreed.
Which leads me to want to bring up my post of a while back HA security and hacking
I think hassio is actually quite brilliant given its objectives but I really do believe the whole security thing should have been tidied up first. It’s kinda cruel to offer a simplified solution to people not knowledgeable enough to make sure they are using it ‘properly’ (and I count myself just about inside that subset of people too, when it comes to network security).