the advisability of opening port 3283 to the world

one of my clients has their xserve behind a pretty nice little firewall. normally, i go into their office to make major changes and to commune with the server when it's misbehaving (like today. DNS went FOOM...) but i'd like to be able to make small changes and monitor its status from home. so, i'm thinking i'll pop a hole in the firewall for UDP 3283 (according to http://docs.info.apple.com/article.html?artnum=106847) to allow me to take a look at the server's logs and whatnot through ARD. are there any security issues or exploits i should worry about when doing this? are there people out trolling the interweb for open ARD machines trying to hijack them? is it possible to have the ARD client connect to a different port - or tunnel through SSH, for example - and forward that port through the firewall to 3283? many thanks.