I take it a step further: I buy appliances with exactly the feature set that I need. I admit it gets harder and harder. The usual dialogue in the store:
"I want to buy a $device without $feature"
"Sir, we'd have $device here, you can disable $feature in it"
"Where? I don't see the switch to turn it off."
"You can disable it in the configuration"
"So... I can turn it off in the config and anyone who can get into the configuration page of the device can turn it back on?"
"Umm... yeah, but you'd be the only one who can"
"You need a password to access it"
"Want to bet that I do?"
Chances are that I have an exploit for the device in question ready. It's kinda scary what amount of information you can get as part of a CERT. There is virtually no router/AP in existence that is actually bulletproof (and no, price is BY NO STRETCH any way to measure security here), with no exploits and no leaks that allow an attacker access to some, or maybe even all, of its functions.
At the same time, featuritis creeps into our appliances. Everything needs to have all sorts of "features", whether they make any sense or whether they don't. I can see where that comes from: on one hand it doesn't really cost anything extra to give the router UPnP capability, on the other hand it's something you can write on the feature card. And that card is what the clueless home user takes to pick his router. "This one has 5 features, that other one has 7, they cost the same, I take the one with 7 features". Does he need them? Heck, he doesn't even know what those features are!
It's ok if the device has a hardware switch that turns such features off. Of course only if that "turn off" really means that the switch enables and disables the power flow to the key component for the feature, not that this switch sends a signal to the CPU that the user wants to disable something. That's easy to ignore.
But of course, that would cost a few cents. So you won't find it on too many devices...