It's not the technical difficultly, it's the increased risk.

What's the risk in allowing a port through a firewall to an application you already trust? How do other applications solve this without a need for an open port?