Like with every software it is more dangerous to put it on the Internet. You can acquire an SSL certificate and use it with Openfire to encrypt messages for some security level. But Openfire might has known vulnerabilities or new can be discovered later. As this project is not very active it can take long for such vulnerabilities to be fixed and your server will be exposed to exploits. Usually it's some XSS vulnerability in the Admin Console code.
↧