• There never are guarantees with security. As DBAs, our job is to mitigate risk and make it a little more difficult for people to get "unauthorized" access to the database system. By changing from port 1433, you make it a little more difficult for a potential hacker to gain access to the system. Pretty much everyone knows that the SQL default port is 1433, so that's the first port that someone would look at to exploit (i.e., low lying fruit theory).

    I would say that it is highly recommended that you change the <default> port to a fixed port, although some people use dynamic ports which also could be effective. If you change to a fixed port, the network folks only need to open up that port. If the ports are dynamic then the network folks need to open up ranges which actually could pose a larger risk. My standard for SQL instance installs is to immediately change the SQL port to a fixed port.

    Where I work, the applications do not have trouble connecting via our "fixed" ports. The ports can be placed in connection strings, or in local aliases. It's a rudimentary change.

    I look forward to reading other pro/con posts about this topic.

    Steve
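
An added example, not part of Steve's post: a local audit that reports whether each SQL Server instance on a host uses a fixed port, dynamic ports, or the default 1433. It assumes the standard SQL Server registry layout and that the instance listens on all IPs, so the `IPAll` values apply; the function name `Get-SqlTcpPortAudit` is made up for this example.

```powershell
# Added example: audit TCP port settings of local SQL Server instances.
# Assumption: standard registry layout; "Listen All" is enabled, so IPAll applies.
$root     = 'HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server'
$namesKey = Join-Path $root 'Instance Names\SQL'

function Get-SqlTcpPortAudit {
    if (-not (Test-Path $namesKey)) { return }      # no instances installed
    $key = Get-Item -Path $namesKey
    foreach ($instance in $key.GetValueNames()) {
        # Value data is the instance ID, e.g. the folder name under $root
        $instanceId = $key.GetValue($instance)
        $tcpKey = Join-Path $root "$instanceId\MSSQLServer\SuperSocketNetLib\Tcp\IPAll"
        if (-not (Test-Path $tcpKey)) { continue }

        $tcp     = Get-ItemProperty -Path $tcpKey
        $fixed   = "$($tcp.TcpPort)".Trim()          # may be a comma-separated list
        $dynamic = "$($tcp.TcpDynamicPorts)".Trim()  # blank = dynamic ports disabled

        $finding = if ($dynamic) {
            'dynamic port in use: firewall needs a range, not a single port'
        } elseif (($fixed -split ',') -contains '1433') {
            'listening on default port 1433'
        } elseif ($fixed) {
            'fixed non-default port'
        } else {
            'no TCP port configured under IPAll'
        }

        [pscustomobject]@{
            Instance        = $instance
            TcpPort         = $fixed
            TcpDynamicPorts = $dynamic
            Finding         = $finding
        }
    }
}

Get-SqlTcpPortAudit | Format-Table -AutoSize
```

Run it in an elevated session on the database server; the result lists the single port the network team would have to open for each fixed-port instance.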