You're 100% right. Actually was a bit concerned myself when I realized hundreds of people were peering into how my server is doing.
But at the same time, I understand the security risks and if I have to I can just stop netdata's container and add some more security on it before turning it on again (I'm not running some SaaS startup, so security isn't a huge concern and I don't think you can do anything with my netdata that can affect or show anything else that can make me prone to attack)
Reduces surface area of attack, you never know when a 0day is going to be found. Exposing monitoring/metrics is particularly interesting as it exposes a lot of information to an attacker, if they're trying to starve your machine of a resource or whatever.
Exactly. They have direct access to your vitals and can push certain buttons to figure out how your system is running to brute-force that attack, ultimately ruining whatever they intended to do.
I'm probably going to change how publicly accessible my monitoring view is soon, but for now, it seems pretty cool for everyone to see.
I wrote this to setup my web server, mail server and VPN server, and auto-generate all my VPN keys.
https://github.com/sumdog/bee2