As said in topic, why is it on the admin port?
I’m not sure yet 
Because it contains sensitive information (like session data) and is for protected resources (APIs) from first parties. Don’t expose this to the public.
Please explain me or give a link to the docs when to open 4445 for external access and if you would ever do this?
To explain more: I want to use minAdmin also as OAuth2 Provider for 3rd parties, will this work without 4445 or not?
It’s easy: If you don’t know what you’re doing, don’t open 4445 to the public.
Sounds like an answer.