> I've considered taking my instance offline or at least behind a VPN

The practical downside is that you won't really be able to use all the features of Nextcloud that way, such as file sharing with people outside your LAN, or Nextcloud Talk (a Zoom substitute).

That being said, I don't store sensitive documents on my Nextcloud instance exposed to the Internet. For that, I have a Samba server on a LAN.