To be more specific if you are running a public node it would most likely be a remote host other than your normal desktop. You have to access it somehow right? Unless you are accessing it via LAN only, behind a firewall in a DMZ your entry point will most likely be the attack point as well. As for the premise that dcrd has exploits - we dont know of any. That does not mean there are none. New undisclosed holes/vulnerabilities are found every day in the various internet softwares. If you allow outside hosts to connect to dcrd this could be an attack vector as well. Once an attacker has host access your PoS wallet is in jeopardy. It doesnt even have to be access to your node directly. You could compromise your desktop in some fashion with the latest multiangle pr0n viewer/game key generator/downloaded cracked software/email from Mr. Bogamit from Zimbabwe spreadsheet hiding a trojan installer and an attacker could get access that way for example. There are many ways to circumvent a firewall/hardened server/whatever configuration. You dont always have to break down the front door. I deal with this type of stuff in a paid capacity. Mostly just daily admin type stuff. I see crazy shit sometimes and I am not even doing server forensics. You want to talk to some bat shit crazy paranoid guys, talk to them. I will say this once again - If you do the basics(close ports, reduce port access to allowed IPs, and various standard security hardening) you will most likely, 99.9% chance, not have any issues. But 99.9% is not 100%. Just as 99.999% is not 100%. Dont PoS on your public node. That is all I was trying to convey.