OK, I'm the bad guy who voted "not secure." I don't know all about Asus routers but I do know that electronic devices do not become secure by chance. If they become secure it's because of a lot of hard work by knowlegable people. And in view of the performance problems Asus has had recently I think we can be sure that they have not been working hard on security.
Furthermore, this root:root thing is not a back door---it's a front door. The only people who could install such a thing are people who are absolutely unconcerned about security and can't be bothered to consider how this hole could harm you.
As users of Asus equipment we have two important advantages: Linux, which provides a sound foundation which can be hardened, and the many man-years of expert effort which has gone into learning how to harden it. Besides, we don't have to make our routers impervious, we only need to make them hard enough that these script-kiddies will return to easier victims.
The basic principles of hardening a Linux router are not difficult to understand and are well-documented on the web:
1. Run only the services you must run: firewall, NAT. Any host can run DHCP if you really believe you need it. Static addressing is much more secure, especially if combined with MAC filtering.
2. Give each service only the privileges it really needs. No more running everything as root.
3. Pay attention to the security alerts published by the distros. Because Asus does not publish such alerts, consider installing Debian or Gentoo or some other reputable distro.
4. Simplest of all: when you're not really using your equipment, turn it off. Consider the environment. Consider your electric bill. Consider your credit rating.
.
NE COGITE MALLEUM MAJOREM CAPE
--- motto of a chariot repair shop
("Don't think about it, get a bigger hammer.")
.