Well, it's on a private network behind a firewall, with only one port open to the world running an up-to-date sshd. (I do regularly compile the latest updates.) There are no ports forwarded from the firewall to this machine. I have two user accounts on this machine: mine and my wife's, and currently my wife's account doesn't have a valid password set, and so is disabled.
I trust everyone that uses my private network (my wife and a couple friends).
Sure, someone *could* try to hack my WiFi and then try to find a remote root vulnerability that doesn't require an open port, and then try to guess my 8 character randomly generated alphanumeric password, but really, I'm not too worried about this machine.