Some of these routers can be crazy insecure. Just some fun from my own experience: before I got mine switched into bridge mode by my ISP I managed to disable the wifi on it despite the ISP blocking that functionality. How? By removing the disabled attribute from the select element via the devtools. I also know a friend who found his password in plaintext in a script tag in his router’s login page. I understand that nothing is absolutely secure but this is just tempting fate.