Even if openssh itself has no security holes, that's not the point. The points I brought up were concerned with misuse of the shell access openssh grants. THAT's what I'd be scared about if I were you.
This is only an issue if you don't take the time to setup the tunnel properly. Use a non-root account created only for the purpose of tunnels (with a locked password and a bogus shell), setup the authorized_keys file with command="/bin/false" so they CAN'T run any commands, and then use the -N flag to ssh to not execute a remote command when you setup the tunnels. We use reverse tunnels all over the place at work for logging and other stuff that needs to pass back through the firewall from the DMZ networks. A secure server inside the wall opens an SSH connection to the DMZ server, then forwards a port back through the tunnel to the server. The DMZ server never has to know anything about the secure server, nor be able to connect to it directly. This opens a small security hole in that if the DMZ host is compromised the bad guys have a single port they can access into the internal network, but we mitigate that risk by running syslog-ng on the secure server non-root and chrooted. *b -- People who are willing to rely on the government to keep them safe are pretty much standing on Darwin's mat, pounding on the door, screaming, "Take me, take me!"