I am also an AMX programmer (see my username), and I program Crestron as well (main competitor). While this is all new news to me as well, I can concur with the OP on several topics.
Firstly: AMX doesn't make hardware dedicated to government use. It's used in lots of places: schools, homes, businesses, churches, government facilities and the like. The headline makes it sound like it's a defense contractor that did this. No excuse here, though, as a backdoor on anyone's network is not good, but it's not good.
Secondly: AMX has taken strides over the last 10 years to implement this small industry's best security in the class of hardware they make. They ARE an engineering-driven company, and I would be shocked if this was implemented for nefarious purposes rather than being a mistake.
Thirdly: I can also attest to the OP's comment that the majority of these devices are being installed on air-gapped, isolated networks that only connect to the AV gear located in a particular room. When they are attached to a larger network, or a client's network, they are usually isolated on a separate VLAN dedicated to the AV gear and other controllers in other rooms/systems.
Fourthly: This isn't a typical network appliance that many of you might be familiar with. It is an embedded controller; it doesn't access other computers or servers, and it doesn't have hard drives or the capabilities of a general-purpose computer/server. It runs custom-written code that communicates with A/V gear (projectors, monitors, audio DSPs, video conference units, etc.) to control them for the user from a custom GUI touch panel. They don't have access to data stores, or have sensitive information passing through them for any purpose. The most sensitive information that it might have, that I can think of off the top of my head, might be a phonebook list from a video conference device (names/contacts).
These units normally do not have internet access, so to access this backdoor, you would usually already have to have local network access anyway. While I'm not positive what this backdoor could allow a person to do, the most common/likely thing that could be done might be to wipe the existing programming or insert some extra commands to devices, which might play havoc with a system (turning it off in the middle of use, turning it on by itself, or making it inoperable). I just don't see how it would allow actual, real nefarious actions like accessing sensitive information or stealing secrets.
Because the other AV devices that these controllers interact with are only for control (many use simple RS232 serial, some telnet or other), there is really no danger or possibility of using these backdoors to, say, capture or eavesdrop on audio from the room, spy on a video conferencing session, or "see" what is being displayed on a projector or monitor. The protocols of these devices are for control only, and do not actually transport this type of data on these connections. For instance, an AMX controlling a Cisco VTC codec would be able to make calls, hang up calls, move cameras and perform other actions similar to the manufacturer's control interface, but not actually "see" or "hear" the content of the video conferencing session. That's just not how it works, or what it's able to do.
I give AMX the benefit of the doubt on this one. While it was a mistake, and got magnified because of their installation in sensitive areas, the AMX team is a good set of engineers. Their acquisition by Harman might have changed things a little, but I still don't think this is the security hole that most here are picturing. It's not like these things have access to the data streams of an entire network passing through them, like the Juniper switches we read about a few weeks ago that have backdoors.