An appropriate firewall can pass RealAudio safely. More precisely,
it can carry it leaving you exposed only to the risks of the protocol
itself, without the risk of opening up lots of UDP ports.
The trick is to intercept the outgoing call to the server, on TCP 7170.
Proxy that call, transparently, and either relay the UDP to the inside
or temporarily open up just the one port and host.
This does, of course, require knowledge of how the RealAudio protocol
works. That information is not yet public, so far as I know, but they've
promised to make it available soon. And I'm pretty sure they'll work
with firewall vendors under non-disclosure agreements.