Changing the TCP port to do security by oscurity is not a recommended practice. What about deploying the ZD behind an application firewall or inside a DMZ and change the default password to something more robust, for example using 20 alpha numeric characters?
Security is not one thing, is a set of compoments. All our ZDs are in one of several DMZ's behind of our firewalls. Yes, our pass policy has 17-21 characters. ¿does someone could think to leave the default pass in an enterprice network...?