What I mean by toxic is that the popularity of the vids in combination with the lack of any hint about security leads to a mass of servers with basic Nextcloud, plex, smb/cifs, …. setup that works in general but have not a minimum of security.
People expose their ports, grant full file access to everyone, open their shares for everyone in the network. They allow root to connect via ssh with poor password and heard nothing about eg fail2ban. They setup raid but have no backup.
When someone tells them, they are almost always very surprised and even kind of shocked. And very often it has begun with one of these howtos where the instructor did not even spent 1 min for at least giving some keywords about missing security aspects that must be covered before going productive. They just thought it’s done.
Furthermore, if you comment his videos just to add missing info for a proper setup, he just deletes your comment.