Q: Does it still make sense to test for dial-in vulnerabilities?

A: Yes. Any method of accessing corporate resources from external sources should be tested. This could include just the known dial-in phone numbers or perhaps the entire DID block of phone numbers allotted to the client. Don't forget about the phone lines connected to your PBX!