It's never been proven (as far as I'm aware) that the guy was actually able to send commands to a real plane. It's no surprise that he was able to read data, because the seatback screens have to get the flight data they display from somewhere. But actually sending commands that will reach real systems is a pretty big leap.
Throwaway account to remain anonymous because these aren't nice words.
I worked with Chris Roberts for a period of time. Making things up to scare companies into dumping cash on him is kind of his 'thing'. I never once actually saw him perform any real exploits or produce anything of value except scary/funny looking powerpoints and lots of trash talk. In this case he just stepped a little bit too far with his made up scenario & nothing ever came of it.
You say that, but I'm always astounded when they talk about cyberterrorists being able to get into the power networks and similar bits of national infrastructure which really shouldn't be connected to the public Internet at all.
I don't know a ton about a modern airliner but my guess would be that the door between the server compartment and the cargo bay can't simply be opened from the cargo bay, as it would be way too easy for anyone to enter the cockpit.
Luggage is rolled in with containers and then locked in place (to prevent them rolling around), that's what the rails at the bottom are there for. You would not be able to get out again.
At that point, if they can get in there (or anywhere near the door), they may as well leave a bomb or equivalent explosive/incendiary device (a big enough lithium battery should do the trick). Actually accessing the equipment room isn't really necessary.