I am not sure if this is the right section to bring this up, but my concern is that 19.07.4 seems to give SSH password access to the outside world by default. Below is what I see every time I start with the default settings (5 installations over the last week). Is this right? Am I missing something?
The fact that dropbear listens on all interfaces by default should be harmless since OpenWrt's firewall configuration rejects connection attempts from WAN by default.
You can use an online port scanner to verify this.