Its a surprise to me that a reddit post or any kind of random text blurb can be used as an admission of anything. What if the guy simply says I made all that up for fun? There is no requirement for text written on the internet to be under oath. Edit: fixed spelling oauth -> oath ;)

Yes you should be worried. Dont expose services you’re not able to keep up to date and know how to manage and secure. Using tailscale is a great alternative as it allows you to have access without exposing anything to the internet, I’d prefer that. For everything else, subscribe to a CVE service for those (I use nextcloud and matrix and follow all security findings) and be ready to take them offline as soon as a critical exploit appears. Dont expose your passwords directly to the internet - ever; no matter if anyone else tells you its OK.