Even behind a tunnel, if you happen to be running an older version of a service (like Immich) with a known exploit, you are still vulnerable to attacks. Tailscale sidesteps this by keeping the service completely "invisible" to the outside world, so the two don't quite compare in my view.