Thanks very much, srobarts.
No vulnerabilities were found.
I know that's not to say my setup is perfect and cannot be exploited, but at least none of the obvious things tested showed a weakness.

Thanks for your help, too, mixture. The problem I have is that the NAS doesn't ship to be "consumer rebuilt" by doing anything other than pressing the reset pip (only resets the network and admin password) or by using the option in the admin console that deletes all user data and reverts to factory defaults*. It does not reformat and reading "how to hack your NAS" and "Linux for newbies" (you get my drift) puts the fear of God in me that I will end up with a nice white brick.

*Added later via edit: I have now done a reset via the Admin console and as you imply, it doesn't reset to factory defaults, despite what the manual says; the firmware is still at the version I upgraded to via download from WD, not the version that came installed.