From what I understand, opening a port isn’t a risk in and of itself — it’s only a risk if the software using the port is insecure! So long as you use reliable software and take care to configure things properly (following through with instructions from a site like ArchWiki or the official documentation helps), you’re good.
CloudFlare is more for DDOS protection, which you almost certainly don’t need . You could always set up DDOS protection later on, if the need ever arises.
Ah, so it’s Emacs :^)