Technically everything is a security risk. If a device is connected to others, there is always a security risk.
Openvpn happens to be much more secure than https and a password, because the password can be brute forced. Unless you use a firewall like fail2ban (works great when properly configured).
If a reverse proxied docker container gets hacked into, it would be like someone breaking into your car and stealing what's in the glove box. Not much. But getting the unraid gui hacked is like someone stealing your alarm code and getting into your home, where they can get all the valuables, and the car keys. That's why they recommend using a vpn for the unraid gui.