I have to say, this really does seem like an overreaction. Yes, the access name and password for the B2 are public knowledge. However, in order to ssh to the B2 from outside of your home network, a number of unlikely things would be needed. Your router would have to have the ssh port (22 by default) open and forwarded to a known IP address within the local network. I know of no normal commercial router that would satisfy the first condition, let alone the second (since the second is one that has to be set deliberately in the router).
The NAS setup on the B2 might be slightly more vulnerable, though only slightly, since I've never encountered a commercial router that has the SMB ports (can't remember what they are, off-hand) open, let alone forwarded).
My situation makes my B2 somewhat more vulnerable than most. I have a small server (file storage, DHCP and DNS) on my local network, and I have SSH enabled and forwarded to it. From it, any other machine running an SSH server can be accessed. However, my server, which is the only open gateway to my network, is protected by paired keys, so it is very difficult for anyone but me to gain access.
So I really think this is a serious overreaction. Unless you have someone within your local network with malicious intent, the B2 really isn't very vulnerable at all...