Where is the screenshot in your original post from? That's not Linksys (like your last post), is it?
By forwarding those three ports (inbound), your router will allow anyone on the Internet to connect to 192.168.0.106 (using those ports). I assume 192.168.0.16 is your Iro. In my opinion, you don't want to do that. The only time that'd be needed would be if Rachio's server were ever trying to initiate a connection to your Iro, which as far as I can tell never happens. I don't have any ports forwarded for anything on my router, and my Iro, Ecobee 3, gaggle of TiVo DVRs, and a bunch of home automation stuff all work fine (because if they need to talk to their servers, they initiate the connection, not the servers).
I think the purpose of Rachio identifying the three ports (53, 80, 8883) is for networks who don't allow all ports on the LAN out to the WAN (Internet). IMO, this is more common on a business network than a home network. For example, where I work, the only two ports they allow out to the Internet from employee computers are 80 and 443 (for web surfing). Every other port is blocked. So if I had an Iro installed at my desk (to test?), it wouldn't be able to talk to Rachio's servers because my employer's firewall blocks traffic on port 8883 outbound. IMO, knowing that the Iro needs ports 53, 80, and 8883 are only useful for locked-down networks like that. If I had to get the Iro working at work, I could please for the security guys to open those needed ports. Home networks aren't locked down like that (nor in my opinion should they be), so no action is required in regards to those ports.