First thing, we were just talking about this in IRC the other day. Here's how I explained what a port is:
[19:08] <%Infinite> instead of calling em ports, call em 'application numbers'. So now telnet is app number 23, and ssh is 22, smtp is 25, etc. When you receive a packet your nic looks at it and sees a '22' in the port field, so it gives the data portion to the ssh program
So... To answer your question,
2. The only thing that makes a port more vulnerable than another is what program is listening on it. Telnet's default port is 23. You can run a telnet server on any port you so choose to run it on. Said telnet server is no more vulnerable if it is listening on port 69 than on 23.
3. Entry is gained by manipulating the program that is listening on the other side, whether that is a telnet server, smtp server, dns server, irc server, etc.