I agree, but if we start listing every massive security vulnerability that can be found on the intra-home LAN in consumer-grade routers and home electronics equipment, or things that people operate in their homes with the factory-default passwords, we'd be here all month in a thread with 300 emails.
I'm sure this ISP will realize what a silly thing they did if and when some sort of worm or trojan tries a set of default logins/passwords on whatever is the default gateway of the infected PC, and does something like rewrite the IPs entered for DNS servers to send peoples' web browsing to advertising for porn/casinos/scams, male anatomy enlargement services or something.