While very true, it is very worthwhile changing the default password on the routers management page.
Some bits of malware will actually attempt to compromise external firewalls now, by looking for the management pages on the routers web server and altering protection, opening up port forwards etc.
The most nasty ones will actually attempt to reflash the router with a modified version of firmware that includes a botnet!