It is exposed through docker, just via a separate container. The reason for doing so is that a container can't have new port mappings added after it is created.
Using the socat container allows me to access a port on my original container that I wouldn't be able to access unless I recreated that container.
As for why the database didn't have port mappings originally, it is best not to allow network access to things unless it's necessary. It's the principle of least privilege.
