It depends on what other controls are in place. If you have a firewall blocking 1433 requests from untrusted networks then the SQL Server will never even see the request. It's not a bad idea to run SQL Server on a non-default port, but it's not necessarily a security problem if you do. If you're concerned I would make a mental note of it but wait until you have seen how the rest of the environment is laid out before thinking about raising the issue as a potential security exposure.