I have ports open (to receive backups from my other servers) but only to connections from specific ip addresses and only port 22 using a pub key (no password) I’d be hesitant to open port 80 to the public though.
Then again I’ve run a small public web server for well over a decade and never had any issues with hackers.