It's a risk, yes. For starters, I would urge you to start out in this deployment model (as I also did just the other day on a different forum post here: All-in-one docker compose - #11 by TheLumberjack).
Once you are comfortable with OpenZiti and understand things and have it working, you could/should "split" the management API away from the internet entirely. There are several posts on the forum about this, as well as docs and videos, to reference.
Up to three by default - yes. When you leave one network or a router becomes unresponsive/unreachable, the client will fail over to the next router with the lowest response time.