I ran every online security scan I could find, scanned myself with nmap, scanned my laptop from my desktop.... all ports and sevices look to be stealthed or unavailable.
So I guess I can stop worrying about running the Apache server while I'm connected to the internet and playing with WebGoat.

Thanks for the replies.