It is a bug, not an exploit; for sure it shouldn't be an intended implication of the developer's intent. This also should not be on purpose. Allowing a transaction to be accepted without user consent seriously harms the ecosystem. In the first place, things like this should be considered if they are aware of the current flawed implementation occurrence. Thus it makes no sense if the smart contract developers were allowing this to happen.
Of course they knew; they were the ones who created this backdoor and vulnerability in the first place. Read the code: they made the code that accepts transactions without the signature of the owner of the address, without private keys. Other crypto like BTC or XRP don't have this backdoor.