I just accidentally opened a QEMU instance to the Internet via VNC. It was a test system and nothing happened, but this seems really dangerous. There was a patch to change the default behavior to bind only to localhost, but it was rejected. https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg01469.html
Changing the binding is not a big help. There are lots of ways to get a connection from localhost. The only real fix is enforcing authentication.
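The distinction the two replies draw (where the VNC listener is bound versus whether it requires authentication) is easy to check against a running QEMU's command line. The audit script below is an added example written for this thread; it is not code from either poster nor a QEMU tool. It parses the `-vnc` argument as QEMU documents it (`host:display,option,...`, `unix:path`, or `none`) and reports `EXPOSED` for a network-reachable listener with no `password=on`/`sasl`/`tls-creds` option, `LOCALHOST` for a loopback-only listener that is still open to anything on the host, and `AUTH` where an authentication option is set. The sample command lines at the bottom are constructed for illustration, not captured from a real system.

```shell
#!/bin/sh
# Audit QEMU command lines for VNC listeners that are reachable without authentication.
# Added example for this thread; not part of QEMU. Usage on a live host:
#   ps -eo args | grep '[q]emu' | while read -r line; do vnc_audit "$line"; done
#
# A hardened invocation, for comparison (real QEMU syntax, shown as a comment only):
#   qemu-system-x86_64 ... -vnc 127.0.0.1:0,password=on   # then in the monitor: set_password vnc <secret>
#   qemu-system-x86_64 ... -object tls-creds-x509,id=tls0,dir=/etc/pki/qemu,endpoint=server,verify-peer=yes \
#                          -vnc :0,tls-creds=tls0,password=on

# Classify one -vnc argument. Prints "<VERDICT> <spec>".
vnc_classify() {
    spec="$1"
    display="${spec%%,*}"          # part before the first comma: host:display, unix:path, or none
    opts=""
    case "$spec" in *,*) opts="${spec#*,}" ;; esac
    verdict=""

    case "$display" in
        none)   verdict=NONE ;;       # VNC server disabled
        unix:*) verdict=LOCALHOST ;;  # Unix socket: reachable only by local processes
    esac

    # Any of these options makes the server demand credentials before a session starts.
    # A bare "password" (pre-6.0 spelling) and "password=on" both count; "password=off" does not.
    if [ -z "$verdict" ]; then
        case ",$opts," in
            *,password,*|*,password=on,*|*,sasl,*|*,sasl=on,*|*,tls-creds=*) verdict=AUTH ;;
        esac
    fi

    # No authentication: the bind address decides whether the network can reach it.
    if [ -z "$verdict" ]; then
        host="${display%:*}"                       # strip ":<display number>"
        case "$host" in \[*\]) host="${host#?}"; host="${host%?}" ;; esac   # [::1] -> ::1
        case "$host" in
            ""|0.0.0.0|::)          verdict=EXPOSED ;;   # "-vnc :0" binds every interface
            127.*|::1|localhost)    verdict=LOCALHOST ;;
            *)                      verdict=EXPOSED ;;   # any other address is assumed routable
        esac
    fi
    printf '%s %s\n' "$verdict" "$spec"
}

# Walk a whole command line and classify every -vnc argument it carries.
vnc_audit() {
    # shellcheck disable=SC2086
    set -- $1      # constructed inputs contain no quoted spaces, so word splitting is acceptable here
    while [ $# -gt 0 ]; do
        if [ "$1" = "-vnc" ] && [ $# -ge 2 ]; then
            vnc_classify "$2"
            shift
        fi
        shift
    done
}

# Constructed sample command lines (not from a real host).
vnc_audit 'qemu-system-x86_64 -m 512 -vnc :0'                              # EXPOSED :0
vnc_audit 'qemu-system-x86_64 -m 512 -vnc 127.0.0.1:1'                     # LOCALHOST 127.0.0.1:1
vnc_audit 'qemu-system-x86_64 -vnc 0.0.0.0:0,password=on -vnc unix:/tmp/v' # AUTH ... / LOCALHOST ...
vnc_audit 'qemu-system-x86_64 -vnc [::]:2,password=off'                    # EXPOSED [::]:2,password=off
```

A `LOCALHOST` verdict is deliberately not a pass: as the second reply notes, any local user or forwarded port reaches it, so the script treats only `AUTH` as acceptable. Note that QEMU's own documentation describes the classic VNC password scheme as weak, so `password=on` is best combined with `tls-creds` rather than used alone.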