Pretty serious, considering that these devices can do iSCSI - meaning any machine with access to it over the LAN, such as any machine that is getting some iSCSI storage from the device, can now do nefarious things.
Would it not be the case, that a compromised machine that was mounting iSCSI, might then be able to access the hidden admin feature? It could then mount other volumes read-only and read data meant to be private...
Not necessarily. In most cases administration access to these things are on an entirely separate network from connection protocol. Having an iSCSI / nfs connection isn't enough; you'd also have to be on the same network as the management interface.