Always!!!
Node RED - is a target for hackers, so please use the strongest/safest methods possible.
If you search these forums - you will find many (unfortunate) stories of Node RED being hacked, and by extension - the systems it is attached to.
Its not a weakness of Node RED - more so the user implementing it, and foolishly exposing it to the public, without implementing the correct security measures.
See : Safely accessing Node-RED over the Internet
In essence - Don't open Port 1880, and instead create a tunnel for specific source connections.