We have many many plugins that require files to be 777 and we get much less complaints than the db-backup.
We have dozens of hosts who do not take the steps they could to better secure files for their customers and make it necessary for files to be 777.
And I have yet to see any such vulnerability exploited in the plugins directory. It's a hit/miss there with probably a much higher miss rate.
Every 'exploit' I have seen here had been in a theme directory and they do NOT need to be world-writable but people leave them that way.
This thread isn't about 777, nor about site management. It's about Skippy being a decent guy and stating something was wrong.