It's unfathomable to me why any company in the IT security industry would ship a product with an undocumented remote access mechanism built-in. This seems like a sure way, when the mechanism is inevitably discovered, to cause harm to your company's reputation.

I've always felt vaguely distrustful of Barracuda anyway, but it's nice to have some facts to cite when not recommending their products.