Kind of.
Assuming an IPv4 only home network, your Mac itself is not ‘discoverable’ as such but attempts to connect to you router using TCP on your ARC port will get forwarded to the Mac on which that port will be open and an initial connection will be made. However, once the connection is made, an authentication is required and if that authentication fails, the connection will be dropped. The outside agent still believes it is connecting to the router - not the device behind the router.
Thus, technically, nothing on the outside world is aware of your Mac specifically but it could, in principle, discover that there is a device accessed via your public ip address that has the ARC port open.
Whether or not you consider this to be a risk is up to you. The actual risk is the same (or possibly slightly lower due to obscurity) as that exposed by any Web server or any other publicly available server - including those of the banks and financial organisations that are looking after your money.
With IPv6 the situation is different. Every device connected to the Internet with IPv6 support is, and must be, visible to the Internet. There is no NAT involved. However, your router will now act as a secure gateway (running a firewall) only allowing connections attempts to the devices which it has been told to allow and only on the specific ports that it has been told to allow. This seems like a backward step in relation to IPv4 but the incomprehensibly huge scale of the IPv6 address space makes it impossible for rogue agents to perform a dumb ‘search’ for an ip address (and a port on that ip address) that offers a weakness. There are 7.92281625143e028 times as many possible IPv6 addresses as there are IPv4 addresses. Even if you have a priory knowledge of the address pool issues by Isps, a home user with perhaps 100 devices (most come nowhere near that number) is given a block of 2e19 addresses and can, in principle, allocate any of those to the devices on their network so even doing a brute force discovery on your own network is practically impossible.
In both cases, the risk of a single exposed port (with authentication) is extremely low. Just for comparison, I have a third party VOIP phone on my network which requires not 1 but 996 ports to be open at the router in its default configuration (I have reduced this considerably but it is still more than 1). In the UK, it will soon be impossible to get a POTS telephone line installed with all new landlines being VOIP.
In either case, an outside agent will not know the type of device it is connecting to unless that device tells it (e.g. Web servers tell the connecting client via the user agent field in the initial message exchange).
In short, using your Mac vs a separate Rock server does not increase the risk of a successful attack - but it could increase the *cost" of a successful attack because there is likely to be more important data on the Mac that could be compromised or lost.