First of all, the port being under security was a bit unexpected on our end.
Having to enable security (we have it disabled) is very unintuitive and cost us time to figure out. That the JNLP port is bound no matter the enable security setting being turned on or off, is very questionable and confusing. This should defiitely be changed ASAP, to prevent user confusion. Especially, since simply moving the setting but keeping it as is should be rather simple!?
On one LTS installation, I have security enabled, but use anonymous access anyway. On a second installation, we use anonymous access with security disabled. The confusing part is that on the second installation, I can enable security to set the JNLP port, and then save the settings. Checking back, security is still disabled (I guess because no Security Realm was chosen) but the port is set. This is a very unintuitive and hidden behaviour.
This is assigned to @Kohsuke Kawaguchi, I guess since 2009. Is this something you can and will do? Or would it be helpful if someone from the community jumped in?