I feel I should probably point out that what ubisoft has installed here isn't a backdoor. The bug isn't even related to DRM beyond the fact that the addon itself is packaged with their DRM.
It's really just a common programmer mistake on a piece of code that probably should have been reviewed a few more times before shipping.
U-play installs a browser addon that allows them to produce clickable links to launch uplay. The idea here was probably to help aid support and integrate better with their website by allowing you to click a link that might, for example, connect you to a server, or launch a game. Similar to how the steam:// url scheme works but implemented as a browser addon instead.
The problem is that the programmer who wrote this little bit of code forgot to scrub the input for malicious input. As a result, someone figured out how to embed other launch commands into the scheme that will fire off raw. Basically it allows a website to run program. This obviously becomes problematic when you start command chaining to produce solutions like "download this file, then run it, then i just pwnd you".
So while you may hate Ubisoft, Uplay, or whatever for introducing this security flaw, It's kind of annoying to see people crucifying them for installing a backdoor when they didn't. It should also be pointed out that Ubi had a fix out the same day the story broke.