@feld

To be honest, I don't know who leaves such daemons accessible to the whole world.

(reality then comes and says "yes, you don't know")

On the other hand, open-source projects such as LineageOS or Matrix (remember their Jenkins?) are the least guilty of all. They just don't have resources - neither money nor people - to take care of everything. That's why I routinely approach open-source projects I use and offer them infosec support for free or at very low cost.