Under the hood you have a Linux system with firewall. Even the Linux-based Linksys firmware is pretty darn good in this regard.
Today, very few Linksys routers run Linux (The WRT54GL being a shining example). Instead, they run home-grown firmware based on the operating system VxWorks.
I'm sorry but it's a fact known by anyone doing this professionally (not me but find and ask one!). The low-end VxWorks routers are pure junk in comparison. They are "good enough" and geared for marketing, low cost and minimum support calls.
For thousands of dollars you get lots of powerful hardware to run so fast you can handle a city... features that need training... but functionally you already have the golden base. It just runs a little slower.
EDIT: Will Tomato ever have security flaws? No way is anything in security solidly fixed. It's always a moving target. But the community behind it, starting at the Linux community itself, is about as good as it gets (neglecting the NSA budget of course