In order for me to "exploit" single-user mode on a Mac I need physical access to the machine, as mentioned many times. If OFW is set for "command" mode this "exploit" is essentially nullified. In order to reset OFW I would need not only physical access to the machine but I would also need to be able to pop it open and mess with it. If I've got the time and access to pop the machine open I could just as easily rip the hard drive out to do whatever I want to it. At the point where I've got that sort of convenient access to a machine a root password isn't likely to stop me from doing what I please, especially if I'm willing to go to such efforts to mess with said computer.