Sort of. Somebody still has to follow the other or find a post from outside their server and comment on it before any communication takes place. How likely that is depends on who's on your server.
If you're hosting people who already have a large audience, or are especially vulnerable to harassment, that's probably going to happen sooner or later and it would be wise to craft or copy a denylist before it does.
I run my own Mastodon server and I've never had to take any moderation actions with a few hundred followers. I know the names of a few vile servers and can't recall seeing them among my followers. I suspect I'm fortunate in just not being interesting enough to vile people.
True, but apart from moderation, the engagement-driven algorithm on Twitter also does a ton to proliferate vile content. On the federated platform the algorithms tend to be simply chronological and limit the content to accounts you explicitly follow. Meaning there is way less exposure to undesired content. One of your follows must be the one to repost it (which may warrant an unfollow or mute, etc.) or you must opt into an algorithm that gives you unwanted content (which you may then simply swap out for a better one).