At least I don't know of any vulnerability at the moment. That does not mean that it will never have one. Having a service running for others is always a risk.
For me, I accept this risk most of the time. But if you want, you can disable/configure the local status page in the "network-wide" configuration.
If you leave it enabled, make sure that you have at least set your own password.