When someone buys your bit of kit, why would they want you to be able to access it via its baked-in key?
Because they expect me to log in remotely and troubleshoot their problems.
When I was maintaining the code for an expensive appliance (didn't design it, mind you), all those boxes in the field would connect via VPN to a central vendor server. Every firmware version had a different hardcoded root password, that was deemed secure enough.
Customers could disable remote maintenance but hardly anyone ever did.