ugh, that's not confidence inspiring. I'd like to get a NAS to get my data out of cloud services.

Would periodically swap out drives and store the backup ones at a relatives house.

Would keep it disconnected from the external internet other than for pulling in updates.

But this makes me nervous.

Sounds to me like you would probaby be fine. As the article states there are various safeguards against it. Even just 2FA helps against brute force. Alternatively don't have it accessible from the internet.

Synology is a good compromise for ease of use and being able to actually set it up the way you want and need it. I have been using them for a few years and I'm happy with them. You actually get a good range of options for setting it up securely. I'm much more concerned about my router being taken over in some way as it doesn't get security updates and there is not much you can do with it.

And yes, I use it amongst other things for local backups. But then still back up to Dropbox and Google Drive from the NAS and other devices. And to external hard drives to swap around. It doesn't make me use cloud storage less, but I'm a lot less concerned about losing access with having everything local as well.

That's a good point I hadn't thought of. My motive for "get out of the cloud" was more about losing access than risk of breach / leak / spying etc. So that doesn't require getting out, it just requires the local backup copy.