Let’s remember that this is a forum for music enthusiasts, not networking professionals.
Yes, a connection can be negotiated, as with any service, but ultimately, it will be refused (rejected, fail…) if authentication is unsuccessful. And of course, any service behind an open port is open to network scans, exploits, brute force etc., but this why some choose to trust others to handle these things…