Other people have given good, specific answers. Let me generalize from a security perspective:
Having a port listening on the internet means you've exposed (usually) tens or hundreds of thousands of lines of code to anyone with an internet connection. One vulnerable line of code or misconfiguration could be an entry point into your network for an attacker.
The key, then, is deciding what absolutely needs to be exposed. If you run a website, you're going to need to expose your web server to the internet. Need access for remote workers? You'll open up a VPN. There are a bunch of things that generally have no place being exposed to the internet: SNMP, SMB, AFP, RDP, Telnet, any admin console, etc.
A former, pissed-off employee who still remembers all of your routers' IP addresses and SNMP communities can issue an SNMP request to shut down all network interfaces and disable your network to the outside world.
A former employee who tells someone else your SNMP communities...
A current employee who, in a moment of laziness, inadvertently leaves your SNMP community in a public pastebin or GitHub Gist...
Even if you can only monitor things, instead of directly issuing commands, it's still information you're leaking.
Information leaks are still a class of vulnerability for a reason. They can give an attacker information on your network topology that he wouldn't usually have.
The less attack surface exposed, the better. Generally, if something is exposed to the Internet that has no (good) reason to be, it's a vulnerability.
SNMP is used for internal management/monitoring of network-enabled devices, which you don't expose to the public internet.
The SNMP supported on old PIX is SNMPv1/SNMPv2, which sends the community string in plaintext, and the reply is similarly unencrypted, so it's basically the same security level as Telnet or regular HTTP (none).