PiHole is not usually exposed to the Internet, that's why it's less likely to be attacked at all. But I wouldn't call their nginx+php spaghetti stack "secure" or any less vulnerable.

It isn't exposed indeed, but i'd like to have it as safe as normally possible. Are there items you might suggest in making it more secure?