Authorization and access control are different problems. You can use ssh to create a auth-free SOCKS5 pipe, for example (lots of us do this every day), but that's not an "open proxy" because it's e.g. listening on ::1 or on the internal network interface, etc...
They are usually hosted by malware installed on a vulnerable system. And if they are SOCKS proxies (vs http proxies), then they can send send spam using the IP address of the infected device.