Yeah and of course it will be depend on your personality and risk model. Compared to other things I don’t want to risk my data, whether leaked or damaged. And I make mistakes, a lot. If you are very meticulous and can ensure that you can put up all the security measures yourself and won’t expose something you don’t want to. I am just not that kind of person.
I'm not meticulous either. I had one responsible disclosure and a few times where I noticed issues myself but never that an attacker discovered it first. There's not that many malicious people. The only scenario where you realistically get pwned is when there is a stable and automated exploit for a widely spread service that can be automatically discovered, something like Heartbleed or maybe if a WordPress plugin has an SQL injection or so
Run unattended upgrades, or the equivalent for whatever update mechanism you use, and you'll be fine. I've seen banks with more outdated running services than me at home... (I do security consulting, hence)
