My question is how could OpenSSL still have had this potential backdoor? Why was this not removed at first opportunity?
The trouble with removing old/weak modes is that you break interoperability with systems that only support those modes. Implementations that were limited to export modes only didn't disappear the instant the export restrictions were lifted. In some cases old versions of software stick around for many years because there is some problem that blocks upgrading.
So someone has to make the difficult call as to when the risk posed by supporting the old/weak modes outweighs the interoperability issues that will be caused by removing support for them. Inevitably, making changes is harder than doing nothing, so said calls tend to err on the side of "too late" rather than "too early".
Furthermore, SSL/TLS is supposed to protect against downgrade attacks. So removing support for old modes doesn't seem as urgent as it otherwise would be. Recently, however, we are finding that the protection against downgrade attacks is not as good as it should be.
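An added example, not part of the thread above: one way for an operator to audit which suites a given OpenSSL cipher string actually enables, and whether any of them fall below a chosen strength, using only Python's standard `ssl` module (which calls into the OpenSSL the interpreter is linked against). It assumes a reasonably recent OpenSSL build; exactly which suites appear depends on that build, and on builds that have already removed the export suites a string such as `EXP` selects nothing at all, which the helper reports as an empty list rather than an error.

```python
import ssl


def enabled_ciphers(cipher_string: str) -> list:
    """Return the cipher suites OpenSSL enables for cipher_string.

    Each entry is a dict as returned by SSLContext.get_ciphers(), e.g.
    {'name': 'ECDHE-RSA-AES256-GCM-SHA384', 'protocol': 'TLSv1.2',
     'strength_bits': 256, ...}. A string that selects no suite at all
    (unknown keyword, or suites this build no longer ships, such as the
    old export suites) makes set_ciphers() raise; we map that to [].
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:
        return []
    return ctx.get_ciphers()


def weak_ciphers(cipher_string: str, min_bits: int = 128) -> list:
    """Names of enabled suites whose effective strength is below min_bits.

    strength_bits is OpenSSL's view of the effective key strength (e.g.
    112 for 3DES, 40 or 56 for the historical export suites), which is
    what matters for a downgrade, not the nominal key length.
    """
    return sorted(
        {c["name"] for c in enabled_ciphers(cipher_string)
         if c["strength_bits"] < min_bits}
    )


if __name__ == "__main__":
    # A permissive string beside a hardened one; the hardened string keeps
    # only HIGH-strength suites and drops unauthenticated/null-encryption ones.
    for label, spec in [("DEFAULT", "DEFAULT"), ("hardened", "HIGH:!aNULL:!eNULL"), ("export only", "EXP")]:
        suites = enabled_ciphers(spec)
        print(f"{label:12} {spec!r}: {len(suites)} suites enabled, "
              f"weak (<128 bits): {weak_ciphers(spec) or 'none'}")
```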