I left a backdoor in most my games e.g. you can go to wordsmashing.com/tests which runs the tests in production D: that plays all the levels and unlocks everything for you.
Running my tests in production live allowed me to test in the exact same environment that matters which gives me more peace of mind that things are working. Because these are indie games i can get away with doing something like that where normally a more complicated business would be terrified of people/crawlers finding that out and using it too much creating lots of data in production and potentially bringing the site down or leaking information about the internal workings of the code ect (my games are all open source on my Github anyway), they would probably create a dev/testing/staging environment with some copy of production data and run tests there but that would be a bit more time consuming which i couldn't afford for these pet projects. :)
I also had to implement a "you must share this to gain access to next levels" type of feature where we made development easier by not actually requiring the user to share anything it would simply unlock said thing on a timer, users would think they had to share the thing to get it to do that but we werent looking at the response from the social network at all.
I know of other instances of companies selling small things like games not authorizing the "buy now" route thats hit as a callback from a payment gateway like stripe/paypal at all assuming normal people wont find it, if a few thorough hackers get a free online game or two it is really a drop in a bucket
Sometimes strangely enough its okay to trade security/data integrity/correctness for something like development speed especially if the potential impact and likelihood of the bug is low enough.