Why is forwarding port 80 more insecure than the others?

Forwarding port 80 is no more insecure than any other port. In fact, port forwarding itself is not inherently insecure. The security concern is that it allows services that are normally protected behind some kind of firewall to be accessible publicly. If the exposed service has any vulnerabilities or misconfigurations, it can and often will be quickly exploited by attackers.

Seeing how a mix of other ports were allowed (notably 21 - FTP and 8080 - HTTP alt/proxy, which don't typically use TLS and could be considered insecure), it seems like the concerns aren't really security oriented, and are fallacious at best. Perhaps there is some business reason they do not want to expose port 80, but there is no valid technical reason I can see to disallow port 80 while allowing other common ports.


Port 80 is not more insecure by itself than any other port. It is simply the common HTTP port, so it has a very high risk of being scanned, and applications behind it are expected to be web applications.

That is where security admins begin to see red flashing lights. It is possible to make secure web apps, but that is real work that commonly involves reverse proxies, admin-restricted servers, and a strong configuration review. When you ask for that for tests, and at the same time explain that you have not set up a DMZ, it suggests that you will have some web server running on your normal machine, which probably has full access to the internal network and a lot of tools installed. If you run some old PHP script on it, chances are that flaws in the script or the libraries open a breach that an attacker could use to reach any other machine on the network.

Port 21, on the other hand, is for FTP. FTP has a very poor reputation because it often leaks client credentials by passing the password in clear text. But from a server point of view, it is a very simple protocol, and current implementations have been extensively reviewed for decades and are considered secure from a server point of view.

Long story short, HTTPS is considered very secure for the client and HTTP is acceptable, but both require strong security knowledge server side while FTP is a security nightmare for the client but is harmless for the server. And the proxy admin's job is to protect the server side...