
Answer by MDMarra for Why is it bad to have open ports?

A port isn't open if something isn't listening for a connection on it.

The reason it is bad form to have all ports open to everywhere is that it exposes those services that are listening on those ports to exploits. That is why firewalls exist, to limit what is allowed to connect to certain ports, to reduce the surface area exposed by services.


EDIT

To address your question about why people can't just write software that isn't exploitable:

This is fairly easy for simple programs, but many programs that require a socket are complex. As such, they have many components, many of which aren't even written by the developer most likely (included libraries). You cannot rely on other people to keep your network secure when there are hardening methods you can use yourself, such as firewalls.

Arbitrary/remote code execution is a huge risk, as you have pointed out. Unfortunately buffer overflows and other security flaws that allow it are common. Look at any Microsoft security update and I'll bet it patches either remote code execution or elevation of privileges, and MS is a huge company with hundreds of developers and billions of dollars.

