Knowledge that this environment exists is also strong evidence that it was a backdoor.
If you propose a clearly questionable security practice in some arbitrary bureaucracy, the assumption is it's incompetence because that happens all the time and no one detects it until it's already in production.
If you propose a clearly questionable security practice to a cryptography standards body, the expectation is that you get laughed out of the room. Even the possibility of a backdoor would make everyone skeptical, which would be useless in a standard because no one would trust it.
And yet it made it through the standards process for some reason, but there is only one plausible reason.
If you propose a clearly questionable security practice in some arbitrary bureaucracy, the assumption is it's incompetence because that happens all the time and no one detects it until it's already in production.
If you propose a clearly questionable security practice to a cryptography standards body, the expectation is that you get laughed out of the room. Even the possibility of a backdoor would make everyone skeptical, which would be useless in a standard because no one would trust it.
And yet it made it through the standards process for some reason, but there is only one plausible reason.