So... it 'looks' like when a bad link (misspelled?) is clicked, or possibly someone's server is down who was USING nginx as their software, it defaults to the website of NGINX...possible for advertising purposes.

From all I read, nginx itself is not a threat. It is 'possible' that someone using it could try to BE a threat....but... *shrug*