It would take a little extra effort on the part of Linksys and others, but home routers should come out of the box with encryption enabled and the password set as serial number of the unit.
Leaving encryption off and having the admin password as “Linksys” or whatever is just asking to be hacked.
Just had to replace my DSL modem/router. Got an ATT modem and a Linksys router. Both had to use the ser # to set them up. Then you can set up any password you want. Of course, if someone uses their child's name then they are the ones vulnerable.