As for why it listens on any port at all, that is (or at least was) the only way that a browser extension can communicate with a local KeePass instance. If you’re worried about that, Kee Vault keeps everything within your browser so there’s no need for a port to be opened if you use that service.
There’s lots more information about KeePassRPC and how the port gets used in the documentation on this site. E.g. KeePassRPC connection overview