The part that the GRC website tends to leave out, is that an open port on its own doesn't compromise your system's security in any way. You can open up every single port there is and it won't make a bit of difference in and of itself. You need the second element, which is some program LISTENING on one of those ports before you have the potential for a security problem. That program also needs to have some means of being exploited, but that still falls generally within the realm of the program needing to be present.
There's good reason Steve Gibson is the butt of so many jokes and the general laughing stock of the computer security community. He tends to rush in with these chicken little the sky is falling claims that are based on, at best, a half-assed analysis which completely misses some more plausible explanations. Maybe the guy has finally learned his lesson. The last time I remember seeing his name is when he claimed that Microsoft put an intentional back door into XP's GDI+ library. A couple of days later, after everyone else had had time to evaluate things, turns out it wasn't even remotely what he claimed. I forget if he did stumble across a legitimate security issue, which Microsoft quickly patched, or if it ended up just being something completely innocuous, but haven't seen much from the guy since.