Is direct access to collabora host a security problem?

I could successfully setup Collabora aside my Nextcloud instance. Opening documents with LibreOffice online in Nextcloud seems to work. But I ask myself, why the user is able to connect directly to the Collabora server and if this is a security problem we should be concerned about. For instance: shows its content to everyone. Instead I thought that the user connects to Nextcloud and the Nextcloud host connects to Collabora (user -> nextcloud -> collabora).

With the user connecting to Collabora directly, I cannot restrict access to trusted users.