1) SQL Injectors ( I presume you mean SQL injection) are not dependent on the port. SQL Injection attacks work through your web client where in a text box the black hat puts in a ' and then some sql text i.e.
David' GO DROP DATABASE xyz, hoping that you build and execute your SQL strings dynamically.
2) Port 1434 is used to permit clients to get the list of instances with MS SQL Server and with SP 3 they did provide a way to turn this off
3) You need to set up an alias in the client network utility
4) You must configure this protocol in the Server Network Utility
Principal Consultant and Trainer