@teleclimber @floppy @wire@anarchism.space I don't consider it that big of a concern in this situation since ISPs need to keep the routers secure anyways. And adding a webserver with file uploads from the local network barely increases the attack surface.
If you'd be using this for more than a static webserver, sure then the attack surface balloons. But I think basically everything most people want should be covered by static hosting.