How secure are apps that using RPC portmapping?
In general the golden rule for the security consists in activating fewer services possible and only when necessary.
Perhaps I will try an application (this is a file manager) that seems to apply to use this service, such dangers arise in safety?

Restrict usage of open ports by enabling OpenBSD's packet filter, PF.

Read the PF User's Guide (http://www.openbsd.org/faq/pf/index.html) and related man pages.

I like play on firewall, indeed I have already enabling OpenBSD's packet filter. :D

In essence, to reduce the problems a good solution might be to identify the ports used by the service and then set them for exclusive use at a local?

Correct. "$ netstat -an | grep LIST" will show you which TCP/UDP ports are open.

For more detailed information, excluding any outgoing/incoming UDP/TCP connections.
fstat | grep internet | grep -v -e '>' -e '<'
It could probably be done in a cleaner fashion, but at least with this, you can determine some additional information about the process that opened the port.