I have some level of sympathy. “Common wisdom” on these topics is not always nuanced.
Like most others, I wouldn’t allow WAN to connect to my NAS - but this is fairly low-hanging fruit. After that, I’m certain that the likely source of issues comes from within, through clients with malware, or even malice. My impression, despite the occasional blog post, is that security in TrueNAS isn’t a high priority, and when raised, it is often met with that exact argument (“Well, it shouldn’t be connected to the Internet anyway!”). Here is one recent security-related example which I found quite disturbing and there is no sign of iX planning to address it.
Regarding backups. Clearly it’s all a trade-off. Personally I keep my most valued data in 4 places, of which 2 are away from my house and 2 are always offline. However, in reality I’ve never had to reach beyond my main RaidZ2 with regular snapshots. Maybe one day I will. But the likelihood that I will need to reach all the way for my last copy is probably lower than that of being hit by a car tomorrow. So, rational? Arguable. But it tickles my OCD.