How worse than Single User Mode?
I'm no fanboi, but usually physical access is enough to set the root password on *nix. Root passwords get forgotten like other passwords, after all.
Is it exploitable over a remote desktop connection? That would be worse.
It does raise serious questions about basic quality control, nevertheless.