Thinking VPNs are better generically than other hosting methods is ludicrous. I think assuming they are secure by themselves is where people get into trouble. If any hosting server doesn't use public internet approved 3rd party certificates and uses self-signed certificates, they automatically open themselves up to certain cyber attacks. The most common type is the man-in-the-middle attack. I find it interesting that some try to use it to hide their IP address, which doesn't work because there is a way to get the destination IP address from packet headers.
Port forwarding is for hosting services. VPN is just a type of remote connection. So VPN would be a common use for remote workers.
Unsuspecting homeowners? Nothing is going to happen automatically, but I guess if they don't know multiplayer games do that dynamically I can see them panicking for no reason.
Using self-signed certificates for VPN services is not going to introduce a MITM attack; self-signed certificates would be an attack vector for web/hosting sites. Perhaps useful in test/private web/hosting environments, but NEVER for public use.
A VPN used to allow remote access into a network is not going to be one used to hide addresses. They also (should) require user/password (encrypted traffic) to validate a public/private key combination to open an encrypted connection to the LAN. Trust of a self-signed certificate is that the one who is using it, themselves.
Games, and lots of other services, use ports which are for outbound connections; such uses are ‘safe’ as they are initiated by someone inside the LAN. The firewall only allows return traffic into the LAN. Open ports to allow unsolicited WWW traffic to enter the local LAN are NOT safe practice. The destination, within this forum, is typically a camera. Cameras have been known to do mischievous acts and should never be trusted. Restricting their WWW access by VLAN or a physically separate network is the norm.
I would rather trust an open port forwarded to OpenVPN than an open port forwarded to a camera, website, etc.
=======
Please articulate specifically how/why using a self-signed certificate is not safe (vulnerable) when used to create a VPN, e.g. OpenVPN.
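
The distinction drawn earlier in the thread, between return traffic for connections opened from inside the LAN and unsolicited traffic arriving at a forwarded port, can be modelled in a few lines. This is an added example, not code from any poster; the `Router` class, the addresses (documentation ranges) and the ports other than OpenVPN's default 1194 are constructed, and the model assumes NAT keeps the source port unchanged.

```python
"""Toy NAT router with a stateful firewall (constructed example, not a real firewall)."""
from dataclasses import dataclass, field

@dataclass
class Router:
    forwards: dict = field(default_factory=dict)  # WAN port -> LAN host
    flows: set = field(default_factory=set)       # (lan_host, lan_port, remote, remote_port)

    def outbound(self, lan_host, lan_port, remote, remote_port):
        # A LAN host initiates a connection; the flow is remembered.
        # Assumption: NAT keeps the source port unchanged.
        self.flows.add((lan_host, lan_port, remote, remote_port))

    def inbound(self, remote, remote_port, wan_port):
        # 1) Return traffic must match a flow that was opened from inside.
        for lan_host, lan_port, r, r_port in self.flows:
            if (r, r_port, lan_port) == (remote, remote_port, wan_port):
                return ("reply", lan_host)
        # 2) Anything else is unsolicited: it gets in only via a port forward.
        if wan_port in self.forwards:
            return ("unsolicited", self.forwards[wan_port])
        return ("drop", None)

    def exposed_hosts(self):
        # LAN hosts any internet sender can reach without being invited.
        return sorted(set(self.forwards.values()))

# Constructed addresses (documentation ranges) and ports.
GAME_PC, CAMERA, VPN_HOST = "192.168.1.20", "192.168.1.50", "192.168.1.2"
GAME_SERVER, STRANGER = "203.0.113.10", "198.51.100.7"

def demo():
    r = Router()
    r.outbound(GAME_PC, 50000, GAME_SERVER, 3074)
    out = {
        "game_reply": r.inbound(GAME_SERVER, 3074, 50000),
        "stranger_on_game_port": r.inbound(STRANGER, 40000, 50000),
        "camera_no_forward": r.inbound(STRANGER, 40000, 8554),
    }
    r.forwards[8554] = CAMERA
    out["camera_forwarded"] = r.inbound(STRANGER, 40000, 8554)
    out["exposed_with_camera_forward"] = r.exposed_hosts()
    r.forwards = {1194: VPN_HOST}  # replace with a single forward to the VPN endpoint
    out["camera_after_vpn_only"] = r.inbound(STRANGER, 40000, 8554)
    out["exposed_with_vpn_forward"] = r.exposed_hosts()
    return out

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(name, verdict)
```
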