And what I am saying, with all due respect, is that the notion that "virtually all security devices can be circumvented" is misleading.
If you take it into a broad and global sense, that's of course true - but becomes very impractical after a bit. If you can't break the Wifi, you break the house. If you can't break the house, you break the ISP's premise. If you can't do that, you start a revolution and take over the country, then nuke the country, start an intergalactic war, etc..
However, you can only talk about the validity of a security device by the scope of the resource it is protecting. And in that respect, a Secured Wifi setup can only secure *ONE* thing : your wifi connection (but not any underlying resource - your house, your DSL modem - or your kitchen stove).
The whole point of a security device is to make it so that it is not economically viable to go *through*.
And in the respect of the OP context, the proper setup of the WiFi as a security device would seem to have been enough to secure both his WiFi and his internet connection and thus is liability with regard to German law. IANAL, but if someone broke in (thus - in your term - circumvented the security device(s) - the WiFi protection, the door lock, the window glass, whatever) and downloaded whatnot from the DSL line - he would have not have been liable since he would have put reasonable effort to prevent the misdeed from happening - and thus, the security device would have performed its function.