This is a small service for developers. Please see the FAQ comment. There are not currently 40,000 proxy connections to the public server (more like 10). If there are, then the server will gracefully give an error and terminate the connection.
Please do not spread fear, uncertainty, and doubt about security without precise details. It’s not conducive to a healthy conversation.
Forwarding ports from localhost is a benign activity unless the port is vulnerable in the first place; I wouldn’t be advocating to blindly forward localhost ports to the internet without a second look.
"Please do not spread fear, uncertainty, and doubt about security without precise details."
I read the FAQ several times before posting, and it still didn't answer the security question. Elaborating my concerns...
You suggest developers use this. That means users will most likely be running dev servers. Dev servers, especially in the NodeJS world, offer the ability to connect a debugger.
What happens when someone spams requests to connect a debugger to bore.pub:<PORT>?
You have to explicitly tell bore which server to serve your client on. At no point do you have to use 'bore.pub'. That is being provided by the developer as a public place if you choose not to run your own bore server.
Please do not spread fear, uncertainty, and doubt about security without precise details. It’s not conducive to a healthy conversation.