Follow
To be honest, I don't know who leaves such daemons accessible to the whole world.
(reality then comes and says "yes, you don't know")
On the other hand, open-source projects such as LineageOS or Matrix (remember their Jenkins?) are the least guilty of all. They just don't have resources - neither money nor people - to take care of everything. That's why I routinely approach open-source projects I use and offer them infosec support for free or at very low cost.