This is the kind of exposure that has been known in the circle of companies who build these products. The same issue exists in SD cards.
All of these devices need to have a secure firmware update mechanism where the endpoints have to be trusted. Of course, we can't put the genie back in the bottle.
And yes, this is one of the most common ways computers are compromised in government actions. They leave USB cards in bars and such, and the workers take them into secure areas and expose the whole system that is otherwise partitioned off. Iranian centrifuges were likely corrupted this way. This hole, though, is being plugged. My HP laptop, for example, by default will not open a flash card without user authentication. And even then, it times out after a few minutes. You can override it, of course, but it is a pretty secure mechanism.
Probably the primary ones able to make use of such a hole would be the NSA and the Chinese, IMO, and those that deliberately plug a rogue USB device into the USB port of a machine.
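The "secure firmware update mechanism where the endpoints have to be trusted" mentioned earlier in the thread, shown as an added example in Go (this is not code from the thread or from any vendor named in it). The image layout, the "FWIM" magic, and the big-endian header fields are assumptions made up for this example; the point is that the device holds the vendor's public key, verifies an Ed25519 signature over the whole header and payload before flashing, and refuses images whose version is not newer than what is installed, so a rogue USB stick or SD card cannot push arbitrary or downgraded firmware.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Constructed image layout (an assumption for this example, not any vendor's format):
//   magic[4] "FWIM" | version uint32 BE | payload_len uint32 BE | payload | sig[64]
// The Ed25519 signature covers everything before it (header + payload), so the
// version field cannot be edited without invalidating the signature.
const magic = "FWIM"

var (
	ErrBadFormat = errors.New("firmware: malformed image")
	ErrBadSig    = errors.New("firmware: signature verification failed")
	ErrRollback  = errors.New("firmware: version not newer than installed")
)

// BuildImage is the release-tooling side: the vendor signs header+payload with
// its private key, which never leaves the vendor.
func BuildImage(priv ed25519.PrivateKey, version uint32, payload []byte) []byte {
	var buf bytes.Buffer
	buf.WriteString(magic)
	_ = binary.Write(&buf, binary.BigEndian, version)
	_ = binary.Write(&buf, binary.BigEndian, uint32(len(payload)))
	buf.Write(payload)
	buf.Write(ed25519.Sign(priv, buf.Bytes()))
	return buf.Bytes()
}

// VerifyImage is the device side (bootloader or updater). pub is the vendor key
// provisioned into the device at manufacture (the trusted endpoint); installed is
// the running version, used to reject rollback to an older, possibly buggy build.
// It returns the new version and the payload only if every check passes.
func VerifyImage(pub ed25519.PublicKey, installed uint32, img []byte) (uint32, []byte, error) {
	hdr := len(magic) + 4 + 4
	if len(img) < hdr+ed25519.SignatureSize || string(img[:4]) != magic {
		return 0, nil, ErrBadFormat
	}
	version := binary.BigEndian.Uint32(img[4:8])
	plen := int(binary.BigEndian.Uint32(img[8:12]))
	// Length field must account for exactly the bytes between header and signature;
	// this rejects truncated or padded images before any crypto runs.
	if plen != len(img)-hdr-ed25519.SignatureSize {
		return 0, nil, ErrBadFormat
	}
	signed := img[:hdr+plen]
	sig := img[hdr+plen:]
	// Authenticate first: nothing in the header is trusted until the signature holds.
	if !ed25519.Verify(pub, signed, sig) {
		return 0, nil, ErrBadSig
	}
	// Anti-rollback: a validly signed but older image is still refused.
	if version <= installed {
		return 0, nil, ErrRollback
	}
	return version, img[hdr : hdr+plen], nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // vendor keypair (constructed here)
	img := BuildImage(priv, 5, []byte("constructed firmware payload v5"))

	_, _, err := VerifyImage(pub, 4, img)
	fmt.Println("genuine image, device on v4:", err)

	tampered := append([]byte(nil), img...)
	tampered[12] ^= 0xff // flip one payload byte
	_, _, err = VerifyImage(pub, 4, tampered)
	fmt.Println("tampered image:", err)

	_, _, err = VerifyImage(pub, 5, img)
	fmt.Println("same version re-offered (rollback check):", err)
}
```

Run it and the genuine image verifies with a nil error, the tampered copy fails the signature check, and re-offering version 5 to a device already on 5 is refused by the rollback check. In a real device the public key and the installed version counter would live in write-protected or one-time-programmable storage; if the attacker can rewrite either, the checks above are moot.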
One that many audiophiles (especially those streaming) should consider relates to NAS and even simpler devices being controlled by hackers; if I remember, one was using a serious number of these types of devices as a cloud computation.
Just found one article on it: http://storageservers.wordpress.com...eing-used-for-crypto-currency-mining-schemes/