You don't have to expose your self-hosted services on the Internet to begin with. 0day bugs do exist even if you diligently apply all security updates.
making sure that your system is not exposed to the internet takes effort too. and then you realize you want to share something with friends or family, or access your home server from remote. you also want updates for new features too eventually.
There are different degrees of "exposed to the internet." You don't need to make your self-hosted services fully accessible by anyone from everywhere. VPN, IP whitelists, mTLS, HTTP basic auth, etc. change the calculus of security and feature updates. You can afford to lag a bit behind on updates because you're not running critical enterprise infrastructure at scale.
Pretty much every home router, network firewall, and host-based firewall is set to deny all by default, so the effort is mostly needed to allow exposure to the Internet.
Have the advantage of hosting content on Plex and other media servers that you can play them remotely. I can be on the other side of the Earth and still access my media. This is an extremely common use case.
