you mean that if somebody could gain access to the CSS and from there access the rest of your network ?
First I don't see how you could gain access to the CSS. If this happens and you control everything on the CSS, I assume you could send traffic wherever you want. However, there is no telnet or ssh client on the CSS. So, I don't know what you could do.
And you could not use the CSS as a router between INET and the management port since this are separated routing table.
Gilles.