RupertSalt 2 hours ago
This is, as far as I know, a completely accurate and factual take. It is also nearly irrelevant.

The two entities which have reported on this event are looking for TCP traffic on port 23, not TELNET protocol traffic. So indeed, as you say, if they are tunneled in VPN, or encapsulated or using an alternate port, tn3270 traffic will not be detected on port 23/tcp. Telnet over TLS is assigned to port 992, so any RFC-compliant implementation would be found there, and irrelevant, again, to the telnetd CVE reported this year.

There are two facets to January's incident: the vulnerability in the GNU implementation of telnetd, and the purported, widespread blocking of port 23. The original report went out because of the coincidence they perceived there, and especially because the latter preceded the disclosure of the vulnerability! Mainframe tn3270 servers would not be subject to this vulnerability. If there had been a port filter in place, it only would've tripped up the mainframes that still used port 23, which is evidently optional, and it says here that many admins want to keep AIX's telnetd bound to port 23 anyway.

So it is good to know that TELNET protocol, and its extensions, are alive and well. We may not actually know how many clients and servers implement the protocol itself, since MUDs made this a routine thing, but certainly the deployment of IBM systems is formidable, considering the sheer mass of the iron in their rack mounts.