TL;dr :

“You may say that you could use a VPN, however this is hard for me, thus it can not be secured for Internet access”

This is literally the central thesis.

I’ve concluded that it’s perfectly alright. I’m running Home Assistant since the early days. It’s been exposed to the internet for years, just a Nginx reverse proxy in front of it. I’m not sure if it comes with that per default, or if it’s just super easy to install, but it blocks IPs for brute forcing attempts and everything that otherwise requires you to use additional software, learn how to set up fail2ban, letsencrypt, authentication etc… That’s basically all already integrated in to Home Assistant and easy to set up… At least for the normal use-cases. HA also has multi-factor auth and some basic configuration options concerning auth.

And HTTP basic auth isn’t great anyways… It’s easy to set up. But that’s basically it. I don’t think it’s particularly secure. And why wouldn’t you be able to use it? That’s something a reverse proxy can do even without support of the proxied software?! And there’s a multitude of authentication proxies and web application firewalls available…