Re: "those who run Redis without requiring a password for connections"
WHAT ? There are Linux admins who have actually configured the oh-so-vaunted Linux server to accept external comms without authentication ? Count my gast flabbered. Must be ex-Windows admins.
Yes, they must be, because it requires killing off safe defaults. It's as hard to bring a Linux service online in an unsafe state as it easy to do so under Windows, except when it's Joomla (as that even now defaults to adding the password in cleartext to a joining email, and requires such to be disabled explicitly instead of the other way around). But that's not really Linux, that's more like adding Word to Windows and then observing that macro risks are still with us because it's only been like 20 years or so that that risk not only exists but is actively being abused in the wild..
Not that you need to ADD anything to have problems with Windows - why would you otherwise have to add extra anti-virus?