This is necessary for scenarios such as remoting, serialization, materialization, etc. You shouldn’t use it blindly, but note that these facilities have always been available in any system (essentially, by addressing the memory directly). Reflection simply formalises it, and places controls and checks in the way – which you aren’t seeing because you are presumably running at “full trust”, so you are already stronger than the system that is being protected.

If you try this in partial trust, you’ll see much more control over the internal state.

Is it an anti-pattern?

Only if your code uses it inappropriately. For example, consider the following (valid for a WCF data-contract):

[DataMember]
private int foo;

public int Foo { get {return foo;} set {foo = value;} }

Is it incorrect for WCF to support this? I suspect not… there are multiple scenarios where you want to serialize something that isn’t part of the public API, without having a separate DTO. Likewise, LINQ-to-SQL will materialize into private members if you so elect.