

There are a few security issues with it, but all of the worst known issues require a valid login token. So an attacker would already need to have valid login credentials before they could actually do anything bad. Things like being able to stream video without authentication (but it requires already having a list of the stored media on the server, which means you have been logged in before). Or being able to change other users’ settings (but it requires already being logged in to a valid user).
Basically, make sure you use good passwords, and actually trust any other users to do the same.
Here’s a reminder that the Olympics was held in Nazi-controlled Berlin, and a team of 18 black athletes from the US thoroughly trounced Hitler’s “master race” talking points by sweeping the medals.
The black athletes then had to return to the US, where segregation was still the norm; many of them struggled to support themselves afterwards, because racism kept them from being hired into any decent jobs.