Exposed on an unprotected port? Doesn't sound great. I'd open an issue with them. I just know the guy behind it, he's a good guy and very smart, he probably just hasn't gotten around to battening down the hatches on security.
Well, I installed their player when I watched an interview with nostr:nprofile1qqsf03c2gsmx5ef4c9zmxvlew04gdh7u94afnknp33qvv3c94kvwxgspz4mhxue69uhhyetvv9ujuerpd46hxtnfduhsz9rhwden5te0wfjkcctev93xcefwdaexwtcpr3mhxue69uhkx6rjd9ehgurfd3kzumn0wd68yvfwvdhk6tctty609 on a podcast. At first I liked it, but when scanning my local network, I found the following services open ins my smartphone: telnet, mysql, among others that I don't remember. Look, I didn't like that and I thought it was kind of strange, so I uninstalled the app, and the services gone. Does nostr:nprofile1qqsf03c2gsmx5ef4c9zmxvlew04gdh7u94afnknp33qvv3c94kvwxgspz4mhxue69uhhyetvv9ujuerpd46hxtnfduhsz9rhwden5te0wfjkcctev93xcefwdaexwtcpr3mhxue69uhkx6rjd9ehgurfd3kzumn0wd68yvfwvdhk6tctty609 have anything to say about it?
Discussion
I don't rule out nmap false positives. I will test again more carefully and will let you know, but I ran the scan 4 times and the doors were there. I tried to connect through them to see and the connections were refused, but I still thought it was strange and decided to uninstall