The current recommended way to integrate OwnTracks is through the GPSTracker Binding, not MQTT these days.
If you are exposing your broker outside your local network then you should definitely not be using the embedded broker. And I would strongly recommend using CloudMQTT (Vincent posted a great tutorial for how to work with that MQTT Binding and SSL, though I don’t know how much is still relevant with MQTT 2.x).
Securing MQTT is a much, much bigger job than just enabling SSL/TLS. It would be far safer for you to let someone whose time is dedicated to watching the broker for attacks and malicious behavior take that on rather than exposing your home network.