- To be able to play over the internet through a router one must set its own computer as DMZ
Using DMZ is the easiest solution because you don't need to worry about configuring ports.
DirectX: Ports Required to Play on a Network
http://support.microsoft.com/default.as ... -us;240429
Special Application Port List
http://www.practicallynetworked.com/sha ... t_list.htm
- The software firewall must be configured to allow MTM2 to reach the internet.
If you have a hardware firewall built into your router, you don't need a software firewall.  But if you have one anyway, then yes, the game must be able to send and receive ip data.
- Doing so will automatically allow MTM2 to use all the port(s) it needs.
DMZ opens all standard ports, of which mtm2 will make good use.  Yes.
- Will these open ports be vulnerable for intrusions?
Yes and no.  Yes, in the same sense that any open port can be probed and exploited.  No, in the sense that there are always some ports open no matter what, and that nobody will know to look for them on your address anyway. 
> My feeling is 'No', because not the system as a whole is not acting as a server, only MTM2
It makes no difference if you're running server software or not.  Worms and such find their way in regardless of what's running.
> and the game would not respond to messages unrelated to the game and from IPs other than those of the racers.
The game will only respond to other game commands.  But that is not the issue.  Your computer, game or no game, can still respond to non game commands through the open ports.  This is why we don't run dmz all the time.
>  But that's just a guess from a newbie and I'd like to get some comfort on this issue. 
 The trick is to open up dmz, run the races, then close it up again immediately once you're done.  The process is as risk free as it gets because by the time anybody could discover the open ports, they'd be closed up right away anyway.  I don't want to encourage complaisency, but you shouldn't have anything to worry about.
Tip. Don't post your ip address in a newsgroup.  Fixed ip addresses pose more problems than dynamic ones.