tl;dr: @antirez just modified the default redis.conf so that it does not bind to the world. In a tradeoff between first-user experience and security, secure-by-default is the way to go.
Just a heads up: when you are freshly installing/configuring Redis from source, be sure to comment out "bind 127.0.0.1" if you wish to access Redis from other servers. (Some distributions, such as Debian/Ubuntu, change the default to bind to localhost only.)
Hopefully this change will minimize exposed Redis boxes with minimal impact. (Note: memcache is open to the world by default as well.)
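What the bind line means for exposure, as an added example (not code from the original post or from the Redis project): a small Python audit of the `bind` directives in a redis.conf. It relies on Redis listening on every interface when no `bind` line is active, and conservatively treats every `bind` line in the file as in effect; the function names and the sample configs are constructed for illustration.

```python
import ipaddress

def classify(addr):
    """Return 'loopback', 'all' or 'specific' for one bind argument."""
    addr = addr.lstrip("-")  # newer Redis accepts a '-' prefix (skip if unavailable)
    if addr in ("*", "::*"):
        return "all"
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "specific"  # hostname or typo: not provably loopback
    if ip.is_unspecified:  # 0.0.0.0 or ::
        return "all"
    return "loopback" if ip.is_loopback else "specific"

def audit_bind(conf_text):
    """Summarise the network exposure implied by a redis.conf's bind lines."""
    addrs = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        # redis.conf comments are whole lines starting with '#'
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if parts[0].lower() == "bind":
            addrs.extend(parts[1:])
    if not addrs:
        # No active bind directive: Redis listens on all interfaces.
        return {"addresses": [], "exposure": "all"}
    kinds = {classify(a) for a in addrs}
    if "all" in kinds:
        exposure = "all"
    elif "specific" in kinds:
        exposure = "specific"
    else:
        exposure = "loopback"
    return {"addresses": addrs, "exposure": exposure}

# Constructed sample configs, not taken from any real host.
NEW_DEFAULT = "# sample\nbind 127.0.0.1\nport 6379\n"
COMMENTED_OUT = "# bind 127.0.0.1\nport 6379\n"
PRIVATE_IFACE = "bind 127.0.0.1 10.0.0.5\nport 6379\n"

if __name__ == "__main__":
    for name, conf in [("new default", NEW_DEFAULT),
                       ("bind commented out", COMMENTED_OUT),
                       ("loopback + private", PRIVATE_IFACE)]:
        print(f"{name}: {audit_bind(conf)}")
```

An `exposure` of `all` is the state the new default avoids; `specific` means Redis is reachable only on the listed interfaces, which still need firewalling appropriate to that network.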