As I understand it the access was permitted from only one IP address so unless the miscreant managed to get hold of that base then launch attacks the risk is small.
I too trust John and have made an SDR available to him via SSH many times without a moments hesitation. One thing a generation focussed on "correct" pronouns forgets is the morals and ethics of the older generation bare little resemblance to (many) of those today. People who lived most of their lives before the internet would generally not have stolen music or avoided paying for goods (like software).

I had a Chinese NVR that I had somehow forgotten the password to, support did not have a way for me to personally reset it at the hardware but if I just gave it internet access they would do it for me in minute... yeah no thanks. Half the complication of my home network subnets, NAT and firewall is aimed at using off the shelf CCTV bits without inviting a complete take over of my home network or being base for further attacks. It is probably illegal to export an item from country X without enabling a gov backdoor.

The fact that so many KiwiSDR's are still online makes me think that most users understand this event and have decided the intention was good if the inclusion does not suit today's world.

Has made me view the reporting of these events slightly differently, drama sells, click bait etc.

Stu