And the answer to your vulnerability question is... maybe. LOL
I'm not familiar with the specific program but I am familiar with uPnP. What it does is to allow your program to request your router to open a port or ports in your firewall and forward any incoming traffic to your specific internal IP address of your machine. It is really no different than going into the port forwarding tab of your router's management site and opening them up yourself.
Opening any ports and enabling port forwarding does increase vulnerability, but for a random port, the risks are extremely low. Opening ports 21 (FTP), 25 (SMTP), 53 (DNS), 80 (HTTP), 110 (POP3), 143 (IMAP4), 3389 (Microsoft Remote Desktop/Terminal Services), 5900 (VNC), and some of the other well-defined services is far riskier than opening ports for undefined, random ports. Attackers looking to take over someone's system are usually scanning on the well-defined ports because it takes far too much time to scan upwards of 65,535 different ports.
Because I don't know much about Bittorrents and the apps used for them, having never once used one (I've used Limewire a few times and the old Napster), I don't know if the ports used for these applications are well-known. If they are, then the risk is higher as potential attackers may be looking for those ports. If the Bittorrent app is opening up random ports, then the risk is probably negligible.
Even if the ports are well-known, the risk would be the same no matter what Bittorrent app you use since any of them would be opening the same holes in your firewall.
Hopefully, this explanation isn't too technical.
