Exactly this - what's to stop your own equipment from being the static IP?
I think you both misread what I said.
Comcast requires their business-class DSL customers with more than one static IP to use rented equipment.
They'll let you have a single static IP with your own CPE. They might even allow you two (not certain). They won't let you have a block of eight IPs, which is what I currently have from Covad or Megapath or whatever their name is this week (Global something-or-other).
I think you did not read what I wrote. You use the non-wifi and non-NAT equipment (and you have to demand it, or they will put in the WiFi full wiz bang BS router) and set up your firewall behind it. Yes, you do not own the docsis router. Nor you you own the rest of the routers in their network. But you do own the device doing firewall, NAT and WiFi which nips this security problem in the bud.