Yep. Anything that can connect _out_ to the internet can be misused to connect _in from_ the internet. All it takes is a human or technology flaw on the inside to "breach" your outbound connections only security policy. As a whole bunch of unwitting Log4J users recently found out. Reverse SSH Tunnels aren't all that different from Remote Access Trojans.