I agree that enabling any form of remote access controlled by a third party increases attack surface, but I also feel like Tailscale has earned more of my trust than other vendors with the quality of their past security responses.
That incident ended badly for anyone that had a Windows box and got 0wned. Tailscale's response was good, but my trust in the software they produce was damaged by that incident. I'm a current Tailscale user (esp with their AppleTV app), but that incident wasn't good.
https://news.ycombinator.com/item?id=33695886
(If anyone has examples of Tailscale incidents ending badly please share and I’ll update my trust accordingly, but to date I haven’t heard any.)