From another perspective
I'm a Be member, have been since the first trials. Couple of things I'd like to say:
First off, Be aren't a big ISP. Secondly, their service (for me and the many colleagues at work I've recommended it too) freakin love it. Its fast, they dont mind when you use it and how, low latency and 1.4 meg upload. If you dont mind that their customer services seems not very helpfull* + tech department seem a little naive, I'd not let this put you off.
The routers aren't ours, Be supply them. You dont have to use them, but you get no support if you dont.
Thomson write the firmware, its a very extensive and configurable from the command line and it makes a lot of sense for an ISP like Be to be able to tweak and diagnose problems in this manner. Sky do something similar.
The real problem is that the passwords for these hidden accounts are easily extracted from the config. That (imo) is a design WTF from Thomson, who took an absolute age to make a firmware with a web interface that supports IE 7 (iirc, this was the failed upgrade from before..).
Ideally, each unit should have had a unique salt built into the hardware. Would have cost about £0.10p. Be could then have loaded their config in plaintext; any following dumps would have passwords encrypted with the hardware salt.
I do think getting cut off was a bit harsh, although the guy clearly didnt help himself by not clearly outlining to Be that
a) there was a problem with their device
b) it should be fixed in a timely manner
and c) in <some time> I will disclose this information to buqtraq@securityfocus