One thing I did notice as I was going through the Plex jail was that there's parameter in the Preferences.xml file called "disableRemoteSecurity", and by default with the FreeBSD packages, that's enabled. That gives anyone who wanders across your Plex server full access to your data. That's frankly an idiotic default setting, and I've now changed it.