A properly implemented TR-69 system is going to be more secure than any machine this guy is running on his network, guaranteed. The administration server address cannot be changed from the user accessible interfaces, the connection is initiated from the CPE to that server instead of the reverse and there are multiple layers of verification and encryption in use before anything is actually allowed to be updated or changed.
Remind me since when do we trust big companies to set anything right to protect their customers from outside threats. They get the best setups in the world for their corporate networks, but their end-users can all go suck dirt where they're concerned.
Also I wouldn't leave out the possibility that they're getting all sorts of data concerning their customers' LAN, to target them for advertising for, say, faster networks, or TV set-top boxes like the Roku player if they notice a lot of video streaming.
Remember, big corporate cares nothing for their customers, they just care about selling you as much as they can, and then some, to increase their profits and cater to their shareholders' wishes.
COMPASS [for the CDC-6000 series] is the sort of assembler one expects from a corporation whose president codes in octal. -- J.N. Gray