"The path to the file is https://[router ip address]/romfile.cfg and the password is stored in clear text there."
Seriously?!?!? Why on earth would you even do this?
the source code for the router log-in page (again, accessible to anyone that can reach its built-in web UI server) contains the ISP username and password of the user in plain text.
A glaring security oversight this isn't, it's just plain stupidity and laziness.