Let me respond to both @oaktree and @pry0cc in this one response:
Geolocation is overrated. You can't get a precise location with a simple IP address. You just can't. Typically, the location consists of where your ISP is located. Even then, if I run a whois lookup on my IP address, it gives me my ISP in an entirely different location from myself. Yes, you can get a general location, such as a macro location (e.g. large picture. such as maybe a country or state or possibly location within a state). However, I don't really think that geolocation is really that much of an issue. DDoS can be a problem, but only if you're subject to it. As long as you have your WAN connected router/firewall drop all outside packets that aren't explicitly destined for a port, or maybe have flood detection, DDoS (or more likely DoS without a botnet or control of multiple clients) won't be an issue. I can't even DoS my own internal network, just because of the fact that my firewall (which is the first hop on my network) drops all packets that attempt to pass too frequently.
My only point was as long as you are security conscious and make sure that you have defenses in place for such attacks, you need'nt worry too much about your IP being public, because it already is. However, as @pry0cc brought up, 0-day exploits are hard to defend against. So yes, in that case, mitigation is nigh on impossible, considering the speed at which even CentOS/RHEL release security patches. Unless you were to write the security patch yourself, of course.
@pry0cc I don't see why someone would waste their time on anyone by running a scanner full time just to wait until a port opens. Also you would probably need a cron job for that to work... and keeping a server up that long running scans constantly would get expensive, and quite suspicious. It wouldn't be hard to notice that many scans in your logs. But then even if you open a port, it doesn't mean they will get in. A port doesn't necessarily equal access. Now, if one were to say, run exploitable services on said port, well then that is bad OpSec. Then again... 0-days exist. Who knows?
This isn't to say "give everyone your IP address!". I have a cloak on freenode and any other servers I join as well, because I'm a private person. But it's not a necessity. I really don't think it fits anyone's security model in 0x00sec to worry about VPN/proxy to IRC. That's a bit overkill, considering no one is (hopefully) being targeted. VPN/proxy to IRC falls into the question of whether the extra time, hit on speed, etc are worth the security it (might) provide. Personally, it's not worth my time, and I don't see anyone involved in 0x00sec needing such a secure threat model. Maybe we should have a post about threat modelling? Hm...