Ok,networking is not exactly my thing, but how would an external intruder hack your PC if only 1 external IP is visible (server's)?
The vast majority of home networks are behind a singular WAN IP address due to Port Address Translation. Any inbound connection that doesn't have a translation for an internal LAN host ends at the router. Port forwarding overcomes this by saying 'any inbound connection on port x, send to internal LAN host'.
Therefore, you still have a singular WAN IP, yet communications on this port don't end at the router but are forwarded to your internal LAN client.