I think that one of the things to do when setting up SQL Server as a security precaution is to change the default port to something else. Someone internally at my company exposed themselves and got the CodeRed virus. Every SQL Server in the company was infected accept for ours because we were not on port 1433.
Will this stop every attack, of course not, but why open yourself to needless headaches when something simple can be done. As for using ADO, our apps make extensive use of ADO and our connection strings all tell ADO to use this different port. You add a comma and the port value to the server name. "=ourSQLServer,1234". Bingo - you're now connected using the other port.
Our SQL Servers are not directly accessible from outside the company, unless you are using VPN, but if you did have to access them externally, then changing the port wouldn't hurt because it would just put one more layer of obfuscation in the hackers path.
My two cents worth.
"You have been told, O man what is good and what Yahweh asks of you, simply this: to act justly, love tenderly and walk humbly with your God." (Micah 6:8)