Except that Pinggy appears to be an ngrok clone, which is basically equivalent to port forwarding in terms of security.
If you don't want to expose the port for security reasons, you are better off using Tailscale/ZeroTier/WireGuard.
The article for some reason didn't explain that at all or show examples using pinggy's authentication features. If the article had talked about that, the assertion about being more secure would have made a lot more sense.
It's a shame lists like - https://github.com/anderspitman/awesome-tunneling - do not call this out. FWIW, the one I work on, zrok.io (in truth, I work on its parent project, OpenZiti) has that hardening and auth because we believe it's vital.
I see somebody else also mentioned Raspberry Pi itself has a similar service.
Taking a quick look at the article, it seems like you route traffic through Pinggy, whereas Tailscale is mostly (minus the TURN stuff) peer to peer with some NAT-busting.
Pinggy does seem to support incoming IP whitelists, at least.
Also consider using the whitelist option.