I did take some very basic precautions otherwise (its firewall is configured to drop all non-local packets but for TCP ports 80 and 443), but at some point I'll have to host my blog properly instead of piggy-backing on a dinky, always-on NAS...