One concern I have with people leaving the default maintenance login (admin/password) in place is access from the Internet side.

You can configure WPA or whatever to secure your WiFi side. But there may be Evil Things people can do if they can get in to your router from the public side. Turning on or off some features to use it as a zombie proxy node, for example. That will allow them to anonymize their (probably illegal) activities through your home location. Or just get in and break things.