I totally believe that. And this is good!
As I was a trainee in IT, we need to setup a LAMP and use HeidiSQL under windows. Since I was using Linux quite a time, I brought my laptop and got a fully functional server in 5 minutes (the download for 'apt install' wasn't very fast these days). The rest of the class needed up to a whole day for the setup and understanding.
I think there a lot of cases, where you just need a quick 'let it work' solution. And the more stable it is, the more useful.
But what am I doing with a pretty quick server? I want to present it to the world. And here is the danger. When I don't know anything abut the system and configure my router to 'expose host' (means 'forward every not other used port to one host in the LAN' in AVM configuration), nobody can promise any security. And users tend to 'oh, it doesn't work, lets open everything'.
It starts with ssh. If ssh root is allowed or a default/weak password is set for the user admin/www/user/[anything easy guessable], we have a problem.
fail2ban is good against bruteforce. But what f bruteforce is not neccessary, because phpinfo will tell everything we need to exploit without multiple requests?
A firewall is good, but where to draw the line? Whitelist or blacklist? any to any? What services are allowed to the world and what should stay in the subnet?
We have. Even before IoT with unpatchable fridges, tunneling gaming console (see tredo) and smartphones with more data about you, than you are aware of.
At the moment I'm about to play around with PiHole. A small DNS forwarder in the LAN, to filter malare/ads/unwanted traffic. There are some devices, that won't work in my configuration. Sonos, Amazon Echo (partly), Xbox Network gaming ... In my world: Deny everything, look at the protocol and if a service won't work, restart the device, look at the protocol, compare and allow ... But in the real work, I need to make a any-exception for Sonos. I even can't give them a own Hostname via DHCP (my workaround is a CNAME record).
It is more important than ever to understand the system(s) and service(s). But to understand you'll need them to work, to play around. Not everybody can afford a dedicated server or is able/want to build a honeypot.
The Shodan Database is a great start to peek, what I am talking about. We already have the Botnet problem. So I don't want to see Elive-for-Server there as bad example.
I think the work of the people here is to valuable, to get bat publicity just because not talking about the possibility.
If an Elive-for-server will be used in a serious attack, at least we can say: hey, look: we have taken the time to consider plenty of situations. This situation is new/unknown, we will take care of it.
This would be great. At least we're talking not tech here, it is just a more philosophical approach to make the world a better place.
This are only my 2 cent and I don't expect everybody will agree.