The first is a flaw, not an intentional backdoor. The second requires a person to login as pnadmin and then execute the "expert" command with the expert password. This cannot be done remotely or without logging in as pnadmin. This doesn't look very catastrophic -- someone would have to hack the pnadmin account and if they did that, they wouldn't even need the "expert backdoor" because they would already own the box.

From your link:

"This privileged account is intended to be used only by authorized Cisco development engineers for advanced debugging purposes. No direct remote access to the root account is permitted. In order to access a privileged system shell, users must first successfully login into the CS-MARS system administration command line interface with the pnadmin account. Once authenticated, the root account can be accessed with the undocumented command expert."

They could easily build these features into the software. Each peer could phone home to a central server and tell what files it has passed. It could also grab new configuration files that tell the p2p software what files get the red carpet.