I have long advocated for separating everything - the cable modem / DSL modem should JUST be an interface to the upstream provider, with no NAT and DEFINITELY with no wireless. See the issues with Xfinity and other providers who are now piggybacking their "free" Wifi on customers' connections - I bet it'll be shown in the near future that the already existing NAT table size issues, which already cause many consumer devices to be problematic, are being exacerbated by trying to maintain state entries for the "free" wireless, too.
So you have a cable / DSL modem which is in bridge mode. Then you have some sort of NAT device. If you like running your own OS, a Raspberry Pi or some other tiny StrongARM device is cheap and can run whatever GNU/Linux or BSD you like. Heck, you can even still use your WRT54GL if the CPU in it isn't limiting the speed of your upstream connection.
Then, you have your wireless device. Again, I strongly recommend something that just does bridging - you have the simplest setup because you're not using the wireless device for NAT or any other "features". With all the stories about consumer devices having poor security and intentional back doors, the less exposure, the better. Personally, I pay extra for Apple because the 802.11ac Airport Extreme does wonders with existing 802.11n clients.
The great thing about this is that you can have as many segments as you want without needing a switch which does VLANs. You can plug two USB-ethernets into a Raspberry Pi, for instance, and keep your wireless and wired networks on completely different segments. Or three, and you can have your old device provide a completely separate guest network.
The best thing about this setup is that if one device fails or is shown to be insecure and the manufacturers won't fix it, you can just replace that one device.