[author here] I'm not supposed to directly call out corporations for mistakes in public because then their feelings will be hurt and they won't be a customer in the future ;)
I was kind of expecting someone to tell me "Spacer" was too obvious and to obfuscate it some more, but they let it slide - probably because this is not a security flaw like I'd usually be dropping, just a general oopsie.
In a sense Windows (Vista) and 7 and 8 have encouraged targeting user-mode processes. The garden variety IRC bots that ship with the "hacking tools" available through various YouTube channels all run in user-mode.
The most common (at least based on my ~10 instances) technique is malware that installs itself into %APPDATA% and sets itself to start on boot. The executable then launches some process (like services.exe) and injects its own code (known as RunPE).
I'm not sure how prolific exploitation of user-mode binaries is, but the damage that can be done from user-mode is non-trivial.
If they're configured to run as administrator, they can get up to a lot of mischief even without running in the kernel. For example, they can open ports to the internet and add firewall rules...
More importantly, if they're installed on a large number of machines, they become an easy target for malware authors - observe the number of exploits targeting vulnerable link handlers like Steam's and Uplay's, where it was possible to invoke an arbitrary executable from a hyperlink.