That's correct. I think that hackers have proved that almost no site is impossible to get into. Our job is to put up enough walls so that, even though it's possible, it's not worth the trouble.
Changing the TCP/IP port just takes away one more known piece of information.
-Mike