What's the risk in allowing a port through a firewall to an application you already trust? How do other applications solve this without a need for an open port?