
Why bind a database to a local socket and not to a network port? Because it reduces the attack surface area. It doesn't mean the database is "secure": access permissions could be configured incorrectly; it could be missing security patches; etc. But closing off the port still increases security because an attacker has to compromise another system, or find a more obscure pathway to get at the database server. An attacker incurs an additional cost when trying to compromise the database.

Why move SSH to a higher port? Same reason - it reduces surface area.

However - does changing the SSH port _really_ add that much of a cost? For naive attackers - yes. A well-configured firewall which detects and tracks SSH login failures, port scans, etc., and issues IP bans is more robust. But even this only goes so far, especially for attackers who can orchestrate a large number of IP addresses.
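As an added example (not part of the thread or anyone's posted code), here is the failure-tracking logic the comment describes: a sliding-window counter over sshd "Failed password" lines that nominates a source IP for a ban once it exceeds a threshold. The log lines, hostnames and addresses are constructed for the example, and the second half of the sample shows the limitation the comment ends on: the same number of attempts spread over many source addresses never trips the per-IP threshold.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Matches the syslog-format "Failed password" line written by OpenSSH's sshd.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>[\d.]+) port \d+"
)


def _parse_ts(ts: str, year: int = 2024) -> datetime:
    # Syslog timestamps carry no year; a fixed one is assumed for the example.
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")


def find_ban_candidates(log_lines, max_failures=5, window_seconds=600):
    """Return the set of source IPs that produced more than `max_failures`
    failed SSH logins inside any sliding window of `window_seconds`.
    Lines are assumed to arrive in chronological order, as in a log file."""
    recent = defaultdict(deque)  # ip -> timestamps of failures still in the window
    banned = set()
    for line in log_lines:
        m = FAILED_RE.match(line)
        if not m:
            continue  # accepted logins and unrelated lines are ignored
        ip, ts = m.group("ip"), _parse_ts(m.group("ts"))
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()  # forget failures that have aged out of the window
        if len(q) > max_failures:
            banned.add(ip)
    return banned


def sample_log():
    """Constructed sshd lines: one source hammering, then six sources trying once each."""
    lines = [
        f"Mar 13 10:00:{s:02d} bastion sshd[{1000 + s}]: Failed password for root "
        f"from 203.0.113.7 port {40000 + s} ssh2"
        for s in range(6)
    ]
    lines += [
        f"Mar 13 10:01:{s:02d} bastion sshd[{2000 + s}]: Failed password for invalid user "
        f"admin from 198.51.100.{s + 1} port 5000 ssh2"
        for s in range(6)
    ]
    lines.append("Mar 13 10:02:00 bastion sshd[3000]: Accepted publickey for ops "
                 "from 192.0.2.9 port 6000 ssh2")
    return lines
```

With the defaults, only 203.0.113.7 is flagged; the six distributed sources each stay at one failure, which is exactly why per-IP banning alone does not stop an attacker with many addresses.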
