Port forwarding basically means nobody is checking the traffic coming in on those ports. There is no filtering, no nothing, until it hits your device, assuming you do not have a actual hardware firmware.
There is a way that i would believe to be more safe and that is using tunnels like with Tailscale.
If you are a “noob” with (self)hosting I would really recommend not bothering. How can you protect yourself when you don’t even know how? Companies have entire teams doing monitoring and response.