Hello John,
Thank you for your post.
Currently, yes, it is possible, although it cannot lead to any breach of the server or other harm. Besides, the probability that someone knows exactly at which IP address (or DNS name) and port your server service is running is very low.
However, in the near future we will implement features that will prevent such unauthorized use of the relay function. As for the nearest server update, we will add the ability to specify different communication ports for Viewers and Hosts that they use to talk to the server.
Don't hesitate to ask me if you have other questions.