This is a feature. Allowing Unfriendly AIs or incompetent morons to dictate security policy will go horribly wrong eventually; nonstandard SSH ports help make it painful for you to allow them to gain a foothold in the first place.
Turning incompetence into actual problems is not a value-add. I already know the incompetence exists, so there's no informational value, and if I were in a position to do something about it, I would have, so there's no organizational value. Just wasted time.
> someone manually "reviews" the firewall rules
This is a feature. Allowing Unfriendly AIs or incompetent morons to dictate security policy will go horribly wrong eventually; nonstandard SSH ports help make it painful for you to allow them to gain a foothold in the first place.