With the various ways people setup their dev environment + docker, I imagine there are probably a lot of guides that show you how to set it up insecurely (because it assumes you're connecting from your local network) with a small asterisk at the end saying not to set it up in production like that. Very easy for an LLM to misunderstand.