@micuat It was a conscious decision to have SSH enabled by default on the Raspberry Pi, since this is needed for headless operation (e.g. using the Upload to Pi tool for Processing).
As for security: theses days network devices are almost always behind a Network Address Translation device (or NAT), which prevents hosts from the internet to connect (except the device specifically asks for port forwarding, which sshd won’t.) On IPv6 class networks you typically don’t do NAT, but all IPv6 home routers I have seen run a firewall to the same effect.