Not true. SSH works over the open Internet just fine. It is simply an attack vector. Just like Pi Connect would be. So if both are attack vectors, go with the proven technology that is well documented as to how to prevent said attack.
A: port forwarding is only required if not in a DMZ.
B: open ports are how machines are accessed regardless of if they are forwarded or not.
C: if you don't understand how ports work, you have no business exposing anything.
Well I have my port open in my lan but the only way to access it outside of my lan is to port forward. I don't understand how you can say that all you need to do is open the port and the machine can be accessed.
Same concept applies for any other service like a game server.