Although I've updated the network name, passcode and admin password, I've never updated the firmware on any router. My reasoning is a case of balancing risk of two different events.
Possible event the first - some miscreant finds my router and manages to hack their way into it by exploiting an unpatched vulnerability in the firmware
Possible event the second - I update the firmware in good faith, only to have the router suffer because of some bug in the firmware. When I eventually get back online I read an El Reg article about how the latest firmware from <x> is bricking routers up and down the country.
On balance, I fear well-intentioned vendors more than I fear ill-intentioned hackers.
But that's just me - YMMV