It's not a backdoor, it just enabled Firefox's remote debugging tool by default
Just? I'm sorry but that's just a terrible mistake to make, especially for a browser that people use to surf the world wild web. I don't know if you've ever used a remote debugger (I do), but depending on the debugger, it can be a very powerful tool, you can do a lot of things with it. I don't think calling it a backdoor is a massive exaggeration. I don't doubt the developer's good intention, but this issue shouldn't be dismissed as an insignificant issue.
To add insult to the injury, it didn't even prompt the user for it.
Zen is as secure as firefox is.
Unless you tweak the default Firefox settings in the code base, e.g. https://github.com/zen-browser/desktop/blob/dev/src/browser/app/profile/zen-browser.js#L258 (allow unsigned extensions by default).
Children with stupid names should be allowed to change their parents' names!