Don't try this at home - HASS security concerns

A word of caution for those trying Home Assistant…

Meh. People who don’t understand network security shouldn’t be opening ports to the Internet.

From that same thread:

WeasleStompingDay• 11h
Keep your HA instance behind firewall and only accessible from LAN/VPN, make sure your IoT devices have appropriate firewall rules applied (only what a device needs to function) and you won’t face this problem.