Yes, don’t expose the damned thing directly to the internet. They are cheap, disposable linux distros with a million security flaws with a camera attached.
If you do plan on doing this, punch a single hole in your router’s firewall and set it up to forward traffic from that port to a separate VPN server on your LAN. Make the password something long a complex and use your phone’s VPN setting to connect to it.
Accessing the camera would then just be like browsing to it on your home wireless.
Second stage woudl be to ensure that the VPN server (Raspberry Pi running OpenVPM or a homebrew PPTP VPN server) is updated whenever new packages come out. You could also throw an IDS/IPS and Splunk in the mix, but that will need something more beefy sitting next to your router.
Camera; Tenvis make cheap ones.
App: Camviewer is ok and free