If I enable adbd LAN tcp 5555, does it mean any app or LAN device can connect port 5555 to get a shell permission?

I have a Android 8 TV box. In developer settings, I can enable/disable USB debug. After enable, any device in LAN can use adb connect to connect to (no password or auth required) and control it via shell. My questions: 1. Does that mean any app on the Android devices can connect 127.0.0.1:5555 and get a shell permission? (The Android box is rooted. In adb I can use su directly) ss -pnltu | grep 5555 got:

tcp    LISTEN     0      4        :::5555                 :::*                   users:(("adbd",pid=5051,fd=15))

How can I protect my Android from being hacked by an installed app. 2. I can't use setprop ro.adb.secure 1, it says

setprop: failed to set property 'ro.adb.secure' to '1'

It's always 0. So the ROM doesn't support the adb RSA auth security feature. How can I protect my Android from being hacked from other LAN devices. (I want to keep usb debugging on cause I can install/uninstall apps from PC) ------------- **Update**: I come up with a simple trick: changing the port

setprop service.adb.tcp.port 5550

that will hide my adbd from 80% hackers I think. But, still, that's not a real solution. It's just a workaround