When you allow public connections to a service running on a machine, security for that entire machine now largely depends on that service. Are you 100% sure that your copy of Apache or Nginx is patched up to date? That the web app you just coded up won't allow arbitrary command execution? That the OS has no local privilege escalation vulnerabilities?
If you are using a web host or VPS, the risk is limited to the code you're testing. You could lose the whole machine and it's no big deal.
But if you've exposed your personal machine--with all your documents, files, settings, etc.--then you've got a lot more to lose if a bad guy gets in. Worst case is a rootkit install that collects all your passwords and sends them out.
When you allow public connections to a service running on a machine, security for that entire machine now largely depends on that service. Are you 100% sure that your copy of Apache or Nginx is patched up to date? That the web app you just coded up won't allow arbitrary command execution? That the OS has no local privilege escalation vulnerabilities?
If you are using a web host or VPS, the risk is limited to the code you're testing. You could lose the whole machine and it's no big deal.
But if you've exposed your personal machine--with all your documents, files, settings, etc.--then you've got a lot more to lose if a bad guy gets in. Worst case is a rootkit install that collects all your passwords and sends them out.