It’s not OK. QNAP service authentication has traditionally been circumvented entirely (hackers crash the authentication service with malformed requests, then have access to whatever they want).
HTTPS doesn’t prevent hacking attempts. That’s not its job.
Changing the port number is irrelevant. Hackers can easily scan all ports.