It's not anymore! They actually changed their defaults and it helped tremendously to reduce the exposure of Redis instances on the Internet.