That may very well be a true for a small shop, but in a small shop you may not actually have dedicated systems for a complete Dev cycle anyway (Dev, Q/A, Prod) and if you do, it may be acceptable to let the devs have access to production systems (they may even be the only people capable of maintaining them anyway). In a large environment review processes should prohibit backdoors - if not, then you need to fix the review process. But somewhere in-between are those businesses where it can be difficult to balance system integrity and security with development access.