Open to read/write access by what or who? You can control access to the boot device with regard to other computers on the network, for example. You can control what you allow dockers and VMs to have access to. Within the unRAID OS itself, everything is running as root.
Example: I forward SSH over port X from my router to port Y on my unraid box. If my unprivileged user account is compromised via ssh (after all, passwords are sent in the clear), then said account would instantly have free will on my /boot/ directory. For that matter, everything in /mnt/ is also 777. Before I get the obvious "don't forward ssh to your router", I do understand the risk - so I have disable password auth and use only publickey auth.
Perhaps there is a way to set up the initial mounting options somewhere to restrict ownership of /boot and /mnt... If the system is operating as root, then it wouldn't cause ownership issues, right? I know that FAT32 can't control ownership of individual files, but you can mount the device with specific ownership applied recursively to the mount point. Would there be a (safe) way to do this?