

Without authentication; it’s possible to randomly generate UUIDs and use them to retrieve media from a jellyfin server. That’s about the only actually concerning issue on that list, and it’s incredibly minor IMO.
With authentication, users (ie, the people you have trusted to access your server) can potentially attack each other, by changing each others settings and viewing each other’s watch history/favorites/etc.
That’s it. These issues aren’t even worth talking about for 99.9% of jellyfin users.
Should they be fixed? Sure, eventually. But these issues aren’t cause to yell about how insecure jellyfin is in every single conversation, and to go trying to scare everyone off of hosting it publicly. Stop spreading FUD.
Genetically, yes technically.
Legally and Morally, no; and you’d be a complete asshole for trying to insert yourself into the childs life in any way. You gave up that ‘right’ when you donated your sperm/testicles.