Opening up the HTTP/WebSocket interfaces to outside traffic is dangerous because people are actively trying to break into nodes. Are you sure you need remote access to your node via HTTP? That should only be used if you’re behind a firewall and can control access. Couldn’t you use SSH + IPC to attack to a remote node?
With regard to memory use and RPC, what requests are you making? I can imagine that there might be some leak in our code, but providing some details about your usage could be invaluable to track it down.