yes, this is bad. Another example that firewalls can be circumvented, especially by internal users.
Similar tools :
- iodine (tunneling over DNS)
- ptunnel (tunneling over ICMP)
What happens if you combine this with encryption/steganography? How do you detect and thwart these attacks? Is deep packet inspection up to the task? Fascinating "research" subject :)