The difference is you can ban an actual blizzard account. Imagine you play WOW and a slew of other blizzard games. Do you think your going to risk using a maphack etc? Sure you can create another account but they still may hardware/IP ban you if repeated attempts and each attempt is going to cost you 40 bucks. I imagine they are thinking the economy will be healthy, and time will tell if using the the current battle.net integration reduces the hacks/duped gear running amuck.Yeah, the bit about TCP/IP is so suspicious and hand-wavy.
Since Diablo 2 supports TCP/IP, Diablo 2 needs to be able to act both as a client and a server. So, it already has the client and server code. This can be a security issue because with that, you may be revealing Battle.net server code as well in case it's similarly designed. And if you know a thing or two about the Battle.net servers by reverse-engineering the code, you can develop hacks that work on Battle.net! Boom, security problem.
But. Diablo 2: Resurrected does not play on regular Battle.net. It plays on Battle.net 2.0. So, how does it matter that this ancient server code remains in Diablo 2: Resurrected for it to act as a server in TCP/IP scenarios? It will most certainly not have anything to do with Battle.net 2.0 in the slightest. The original client/server code in Diablo 2 was developed in a different day and age when Blizzard North wasn't even that great at it.
Besides, how serious attacks to Battle.net or gamer safety did Diablo 2 cause during the ages when it's had TCP/IP support? Given Blizzard's arguments, it ought to have been horrible, but was it really? Maybe bot developers have benefitted somewhat? Who knows? Dupe testing on a local machine before going live? But they say Diablo 2: Resurrected already has seen bots though, so... I don't know.
So why not just leave this old client/server code intact, with a new Battle.net 2.0 client code in addition to that. And no Battle.net 2.0 server code in the game. This way, you'd happily play online on Battle.net 2.0 while supporting TCP/IP with their trashy classic network code.