I mean, you could set any other non-standard bit in the header and get the same "covert channel." There's nothing special about this bit aside from the fact that some middleboxes will drop packets that have it set (which makes it an unreliable channel and thus a particularly bad candidate for data exfiltration), and some monitoring tools will parse it. Whereas if you chose any other non-standard bit, you can guarantee no monitoring tools will know how to parse it, and it's unlikely any middleboxes will drop it (unless they're dropping any packet with non-standard bits in the header).