
Friday, December 1st, 2023 3:22 PM

Closed

Are my default settings on my Xfinity Xb8 Router safe enough?

I am asking because when I enter my router settings through administrator, I notice that the router security is set to low by default. And I am wondering if this is safe enough for gaming and browsing the internet. I do not go to malicious websites, and I try my very best to not click any links that look suspicious or aren't from a reputable source. I will sometimes download images to my phone from Google Images as long as they are not licensed, and it will allow me. But other than the things I mention I try to keep a safe browsing habit. I do game but I always download games from sources like Steam, Epic Games, etc. So, is this default (LOW) security setting the Xfinity router comes with safe enough for what I do? And if not, how do I increase the security to medium or high without making websites stop working correctly? Because I have read that if you increase the security, you may find that some websites may not function as they should due to the firewall or whatever blocking stuff it thinks is malicious. I am a little tech savvy but when it comes to adjusting router security, I've never done it. I have done port forwarding but I don't know anything about the security aspects. For example, I don't know about WPA, WPA2 or WPA3 or IPv4 or IPv5 or IPv6. I don't really know the difference between these WPA's and IPv's. If you know how to increase security on the Xfinity Xb8 router, please explain step by step how to do this. Thank you. PS. You will have to explain it to me like I'm 5 years old lol.

Problem Solver


1.5K Messages

1 year ago

Well, one at a time:

Router security set to low:  It's undocumented what each setting does on Xfinity gear, and the firmware is closed source, so that's unknown what it's supposed to do anyway or if it works.  That's typical for consumer gear.  Set it to "high" whatever that means, and see if stuff still works.   

Port Forwarding:  That is deliberately defeating whatever rudimentary firewall your consumer gateway had in the first place, and exposing an internal machine directly to the internet.  If you are running a service of some kind on the port you forwarded -- exposed to the world -- your security is only as good as the security that service has.  The machine itself (and possibly your network) will be compromised if there are issues with that service or the OS it runs on.  I wouldn't recommend it unless you are running the device/service on an isolated network, and protecting/limiting access to known sources, as well as throttling intrusion attempts with a separate firewall.  Your gateway can't do that.

WiFi security:  For encryption, WPA2 and WPA3 are still considered secure at this time.  That may change in the future.  WPA3 is replacing WPA2, but not all devices can do it currently.  WPA3 is recommended.  Use WPA3 if your devices can, just to keep on the current security edge.    

IPv4 and IPv6 are just protocols.  Neither is inherently more secure than the other.  They don't do security, it's just how things are able to communicate.

Safe browsing?  Well, none of it is "safe".  What you can do is not click on links in email, and use ad and script blocker add-on extensions for privacy, and that can help.  Anti-virus programs can help too, and stay current on OS updates and software updates on everything to cover known exploits.   Anti-virus web shield products can help as well, and sometimes use net-nannies that block known hostile sources.  They can block inbound malware/viruses too.  That comes at the expense of privacy since your data is routed through someone else's network.  Also, you've introduced a "man in the middle" that can see your traffic in plain text including credit card information if they are replacing encryption certificates with their own using a web proxy server, so it's up to you if you trust them or not.  You can see if that is the case by clicking on the lock icon in your web browser.  If the certificate is "replaced", it will appear to come from the web shield company, NOT the domain of the server you contacted.  Google's Avast does this as an example.  The most secure communication you can have with another machine, is a direct encrypted connection without anyone intercepting data and decoding it in the middle.

Phone apps:  Any device you have that has to be controlled with a phone app, or that communicates to a cloud server on its own (your Xfinity gateway) has a potential security problem.  Your phone is the least secure device you own.  Storing critical infrastructure configuration on a remote server is a horrid idea.  No legit company would do this with their own corp network.  I would also isolate any other devices like cameras, IoT gear, smart outlets, etc., that do this from the rest of my gear if I had to use one.  Again, your gateway can't do this, you would need additional equipment.

Your Xfinity gateway uses MoCA version 2.0.  It's Ethernet over coax.  There is no security in MoCA version 2.0.  There is a MoCA Point of Entry filter that can be installed where the service enters your residence that will block the frequency MoCA uses.  Without it, your neighbors' devices can connect to your network, and your devices may connect to theirs if they are running Xfinity equipment.  It's supposed to go on the coax where the service enters your residence, before any splitter that feeds other coax jacks in your house.  If you have no coax connected TV boxes, or MoCA devices yourself, you can screw the filter on the back of your gateway inline with the coax.  You might have one, or you might not.  They are around $10 on Amazon or Walmart, or you can get one at an Xfinity store and some people say that's free there.

Your Xfinity gateway allows other Xfinity users to connect to a WiFi hotspot running on YOUR gateway.  The traffic is supposed to be isolated, however that's undocumented as to how exactly that is accomplished, and it's using the same memory and CPU so it remains a potential attack vector that I wouldn't want.  You can disable that "feature" but people report it turns itself back on sometimes.  Up to you though if you are comfortable with it.

Hope that helps.

(edited)
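
The lock-icon check described in the answer above can also be scripted. This is an added example, not part of the original post: the certificate dicts are constructed samples in the shape Python's `ssl.SSLSocket.getpeercert()` returns, and the CA and web-shield names are hypothetical.

```python
import socket
import ssl

# Constructed samples in the shape ssl.SSLSocket.getpeercert() returns.
# All names are hypothetical.
DIRECT_CERT = {
    "subject": ((("commonName", "shop.example"),),),
    "issuer": ((("countryName", "US"),),
               (("organizationName", "Example Public CA"),),
               (("commonName", "Example Public CA R1"),)),
}
INTERCEPTED_CERT = {
    "subject": ((("commonName", "shop.example"),),),
    "issuer": ((("organizationName", "Example Web Shield"),),
               (("commonName", "Example Web Shield Root"),)),
}

def issuer_fields(cert):
    """Flatten the nested 'issuer' tuples into a {field: value} dict."""
    return {k: v for rdn in cert.get("issuer", ()) for (k, v) in rdn}

def fetch_cert(host, port=443, timeout=5.0):
    """Return the leaf certificate this machine is actually shown for host.
    Raises ssl.SSLCertVerificationError if the chain is not trusted locally,
    which is itself worth investigating."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def check_issuer(cert, expected_orgs):
    """Compare the issuer organization with the CA(s) noted for this site
    from a connection you trust (assumption: you recorded them out of band).
    Returns (matches, issuer_org_seen)."""
    seen = issuer_fields(cert).get("organizationName", "")
    wanted = {org.casefold() for org in expected_orgs}
    return seen.casefold() in wanted, seen

if __name__ == "__main__":
    for label, cert in (("direct", DIRECT_CERT), ("via web shield", INTERCEPTED_CERT)):
        ok, seen = check_issuer(cert, ["Example Public CA"])
        print(f"{label}: issuer={seen!r} -> {'as expected' if ok else 'REPLACED'}")
```

On a real machine, pass the result of `fetch_cert(host)` to `check_issuer` instead of the constructed samples.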

@flatlander3​ goodness that was a great answer.

Are there devices that people can add to the Xfinity XB8-T router for security?

Official Employee


2.1K Messages

1 year ago

Hey @MomTech. Did you find @flatlander3's reply helpful with all your concerns or was there any more we can assist you with? Thank you flatlander for all the helpful information so far as well!😀
