With their introduction of Windows XP, Microsoft renamed their original Terminal Server technology, which they purchased from Citrix years before, to the more user-friendly "Remote Desktop". Terminal Server / Remote Desktop allows a remote client to log on to a properly equipped and enabled machine and then display a fully graphical desktop from that remote machine.
It's all very cool and it works surprisingly well (for a remotely connected graphical user interface), but you can imagine the security implications. Since everyone knows that Remote Desktop runs over TCP port 3389, worldwide Internet scans for port 3389 are becoming more common. From a strict security standpoint, regardless of the user names and the strength of the passwords on the hosting machine, anyone who is deliberately leaving port 3389 wide open and available to the entire Internet is courting extreme danger.
You must not forget that ALL open ports like 3389 have Internet servers and services running behind them, even if it's on a machine in your home. The same risk and exploitation of Internet vulnerabilities that you hear and read about daily becomes YOUR liability when you deliberately open and expose ports to the Internet.
While it could be argued that no one would be able to guess a sufficiently bizarre user name and password, and while choosing strange names and secure passwords for publicly exposed services is always important, that's NOT the only security risk. Microsoft's track record of publicly exposed, remotely exploitable server vulnerabilities is so bad that it's probably true that they have never offered a server or service in which multiple security vulnerabilities were NOT eventually discovered (and often exploited). That being the case, you do NOT want to be running an exposed "Remote Desktop" server on the day when the community of malicious Internet hackers discovers a means to overflow an "unchecked buffer" or otherwise circumvent your security and exploit the faith you have implicitly placed in Microsoft's security.
So what can you do?
The only secure solution is to prevent your system's port 3389 from being globally exposed. In this way no one other than specifically pre-assigned remote users will have any idea that your port 3389 is open.
If you must be able to access your system from anywhere on the Internet, from any IP address, there is nothing you can do to hide the port. You'll have no way to restrict who can see port 3389 on your system if you need to be able to see it from any IP. But if, as is the case for many people, you only need to access your system from one or a few locations having fixed IPs, or fixed ranges of IPs, many free or inexpensive desktop personal firewall products can be used to restrict the IPs from which traffic to and from your system's port 3389 may flow.
In this way, you may continue to have unfettered access to your remote system from specific locations (by IP address) while no one else who may be scanning the Internet will find any opportunity for potential exploitation.
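The restriction described above, as an added example that is not part of the original page: it uses the built-in Windows Firewall rather than a third-party personal firewall, and assumes Windows 8 / Server 2012 or later (the NetSecurity cmdlets) and an elevated PowerShell session. The source addresses are placeholders from the documentation ranges.

```powershell
# Added example: limit inbound port 3389 to a fixed list of source IPs.
# Placeholder addresses (documentation ranges); replace with your own fixed IPs.
$AllowedSources = @('203.0.113.10', '198.51.100.0/24')

# Find every enabled inbound allow rule that names local port 3389 explicitly.
# Searching by port rather than by rule name also catches custom rules that
# someone added outside the stock "Remote Desktop" group.
$rdpRules = Get-NetFirewallPortFilter |
    Where-Object { @($_.LocalPort) -contains '3389' } |
    Get-NetFirewallRule |
    Where-Object {
        $_.Direction -eq 'Inbound' -and
        $_.Action    -eq 'Allow'   -and
        $_.Enabled   -eq 'True'
    }

if (-not $rdpRules) {
    Write-Warning 'No enabled inbound allow rule for port 3389 was found.'
    return
}

# Replace the remote-address scope ("Any" by default) with the allowlist.
foreach ($rule in $rdpRules) {
    $rule | Set-NetFirewallRule -RemoteAddress $AllowedSources
}

# Re-read each rule from the firewall store and show its effective scope.
# Any row still showing "Any" is reachable from every address.
$rdpRules | ForEach-Object {
    $current = Get-NetFirewallRule -Name $_.Name
    [pscustomobject]@{
        Rule          = $current.DisplayName
        Profile       = $current.Profile
        RemoteAddress = ($current | Get-NetFirewallAddressFilter).RemoteAddress -join ', '
    }
} | Format-Table -AutoSize
```

Rules that allow all local ports for a program are not touched by this script, so review those separately if one of them belongs to a remote-access service.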