There are a significant number of vulnerabilities in those routers as well. Hell, I remember a big stink because someone figured out the default Linuxsys password and was able to login to other people's routers remotely. Of course this was fixed with a firmware update, but the point is still valid.
The firewall built-in to LinuxMCE is the exact same one you would find in many of those routers (simple NAT, often using IP Tables). The default configuration is a sound one. You are right, however, that all these services do present a security risk and if you want to have that extra layer of protection, go ahead, but if you think that makes thing easier, you're dead wrong.
Yes, I would like to see a hardened kernel in the core with stack overflow protection. I also wouldn't mind having the router portion of this in a vmware environment. I agree this isn't the most secure method at current, but it is in no way in-secure.