It's more like an override, provided by a feature many people don't use. If they were using it they'd probably change the password from 'admin'.

You can't add a backdoor with a password and then claim that's the new master password.