The problem is many do not do the home setup properly on their own, as evidenced by this post. Many just port forward 8123 and don’t even bother to setup SSL, leaving their install completely exposed wide open on the internet.
So, Nabu Casa is far more secure then an improperly setup home install, and improperly setting it up on ones own is very easy to do. So, I think you will hear many just default to saying that nabu casa is the “more secure way”, and I would have to agree, as that at least guarantees the user some level of security they don’t have to worry about messing up.
Now, if someone has the skills to setup a VPN, reverse proxy, or some other secure solution themselves and make sure they do it right, it can potentially be even more secure to setup then Nabu Casa IF done properly. I’d say the VPN is the most secure, but some integrations need secure access back to your machine through SSL (like Google Google Assistant - Home Assistant ) so a VPN probably wouldn’t work, and you would need a reverse proxy. I actually run both a reverse proxy (SWAG - Nginx Reverse Proxy Set Up Guide – Docker ) and Wireguard as a VPN Wireguard Container . Some hings are exposed through the proxy, other things deeper in the system need the VPN to access. For example, I run a Home Assistant container install, and manage it with portainer. I do not feel comfortable exposing portainer through the reverse proxy since it can access things deep within the system, but I can access it through the Wireguard VPN.