I must have missed that in the message so it is worse than it seems.
My comment about bridge mode is more than just problem like this but also in that in gateway mode, in addition to the vulnerability just mentioned, the unit can easily be returned to factory defaults where the userid and passwords are publicly known. While it hasn't happened with more recent devices, I saw this happen once on the older SMC models when receiving a firmware update the unit got reset back to factory defaults. I also have never liked the idea that an entire support organization like Rogers being quite large can have remote access into my home network and possibly reset my device and open up and see the internal side of the network in the process. I realize many people want that and need that type of support but I'm more cautious than this and don't want anyone from the outside being able to get in easily.
Private routers can have vulnerabilities as well, so it's still important to choose models carefully and make sure updates are installed on any technology as weaknesses get exposed.