Open ports are not by themselves a security risk.
Not by themselves, but there's no such thing as an open port by itself. We're obviously talking about listening, so we need not discuss ports opened outward, although there are definitely ways to compromise an application in reverse, so opening a TCP connection outward is an opportunity for an incoming attack, if you connect to a host which is malicious (whether inherently, or because it has been compromised.) But at minimum, listening ports provide an opportunity to attack the networking stack of the device, and the application (or daemon, etc etc.) which opened the port. So yes, open ports absolutely do increase your security risk. If there are zero open ports on the device, then the only parts of the networking subsystem with which you interface are the network interface and its driver, which means there's less opportunity to exploit a vulnerability.
Saying open ports are not a security risk is like saying that open windows are not a security risk. What? Of course they are.