They have a lot wrong. You can access everyone's modems using the internal 10.x.x.x ip. I forget the 2nd number but 10.y.x.x where y matters then random for X you can browse thousands of modems. If you know the passwords that easily found on Google you can reboot random customers modems.
Very true... I feel like the average customer isn't ever going to login and change the default password (in the case of the ultraTV gateway), and with port 80 left open and the network open to sniffing customer modems... not good news. It's a smaller company though and the average person that signs up for WOW isn't going to be doing anything talked about here, so I can understand why it's not a HUGE concern and why the money/effort is being focused on other areas of issue.
They are not so small anymore. With the purchase/expansions in Michigan and the purchase of Knology they are now one of the larger cable co's. They may not be comcast or Time warner big yet, but they are not a small company either.
Also the passwords cannot be changed by the user for the modem. On the older SA ones WOW! would need to change if they can, and they don't, just google it and you have it. Arris uses a password of the day that changes every day, that ISP's have access too. Also a quick google gives anyone access to it.