This isn't a rootkit. I'm tired of every single thing that people don't like that has an unintentional security hole being called a rootkit.
Several criteria need to be met before something should be called a rootkit.
1.) It must be malicious.
2.) It must be purposely hidden from user and traditional forms of malicious software detection(AKA virus scanners).
3.) It must enable continued privileged access to the computer.
In this case, only number 3 is met. The backdoor was not malicious, it was unintentional, and the plug-in was not hidden from the user. Therefor this is not a rootkit, the term rootkit is only being used to make the threat seem worse than it really is. This is nothing more than a plug-in with a security hole that was fixed extremely quickly after being found. No need to call the national guard.