The default configuration for Jellyfin is good. I mostly mean as long as you follow best practices in general you should be fine, eg:

• You keep your system and jellyfin updated;
• have some type of firewall in place;
• make sure you aren’t accidentally exposing jellyfins port directly to the internet;
• have a good password for your jellyfin accounts that are able to login from outside the LAN;
• and so on and so forth

https://jellyfin.org/docs/general/post-install/networking/reverse-proxy/

A firewall is probably the most important, having your ssh port blocked in the firewall being second.

As long as your jellyfin server is properly configured behind a reverse proxy, letting it be accessible publicly on the internet is fine.

Obviously everyone has their own threat model, but it’s not that big of a threat in this case (personally I don’t care).