EDIT Authentication does need to be switched off (as you have to use other other methods to secure the endpoint with Stripe Webhooks)
This post discusses it http://forum.bubble.io/t/stripe-webhook-in-bubble-big-vulnerability-to-all-apps-that-use-them/134030/27
You have to find out what you are personally comfortable with, and balance effort to implement vs what the risks are.
For me - checking the source IP addresses matches any of Stripes IP addresses is low effort to implement and reduces a lot of risk …
Good luck!