I've used that and Dell's DRAC. They have their uses. We ran those on a separate network, and it was somewhat routine to use them to get into a host that was locked up or had disconnected from the network somehow.

It's definitely a security risk, but at a big company with a poorly managed IT department it wasn't the worst offender.