Can telnet be disabled or the password changed?
If so, I don't see why this is a problem. You have to leave a new router open for people to access it, or they can't do any configuration. They all start out wide open in the GUI, and make you change the password first thing. If the password for telnet isn't reset when you reset the GUI password that's a problem, because the typical home user would say "what's telnet?" if you told him about this.
The biggest problem I have with this is using telnet instead of SSH. Not because unencrypted traffic on the local network in a product designed for home use is really an issue, but because telnet is outdated and you don't want to encourage anyone to use it even in cases where its insecurity isn't a problem.