I would consider it if is exposed to the internet and not just for internal use only. I was once rather lackadaisical about that until I looked at a Netgear router log for a new router. uPnP was on and lots of ports from my QNAP device were apparently exposed to the internet. Some inquisitive Chinese hackers were going up and down some QNAP ports (22 especially) looking for an open session. I don't know how they found me; maybe from a list of Comcast customer IP addresses.
I turned off plug and play on the router. I also made my QNAP passwords more complicated. They didn't get anything but It got my attention.