With respect to the single bay My Cloud, WD has made GPL source code (such as it is) available for anyone who wants to use it to compile their own updates or fix various issues with the existing firmware.
In the end though if one is worried about security vulnerabilities in the current firmware, they may want to look using alternate firmware where one may have more control over updates. For example:
The day will eventually come however where WD stops updating the firmware all together on these old single bay My Cloud units. The first gen v4.x firmware units are rarely updated to fix security vulnerabilities these days.
