By being able to modify executable files on the webserver, an attacker can add a backdoor through a security hole quite easily. Without, he could just make use of the security hole as of itself.