Hass.io Node-Red Add-on Security rating

I have my Hassio instance running with Duckdns and encrypted via lets encrypt (part of the Duckdns addon). I added the SSL info to my node-red add on and everything has been working smooth for over 5-6 months now.

For some reason, I never noticed the Hassio Add-On Security rating was a 2 out of 5 and it made me wonder if there was anything I should be worried about? my understanding was that since Node-red was secured by the same credentials as my Hassio instant that I was good? or is there some other reason this has a 2/5 security rating?


This is a good question and I too would like to know more about this.

@frenck explained that in detail in one of his past streams. Can’t remember which one. :slightly_frowning_face: