That is a good question that I had never considered before - as I don't have the supplied router, or have used TR-069 configuration. However, looking at the Plusnet article "How TR69 works", it appears that the router initiates the auto-configuration to the Plusnet servers, all communication is via https which ensures it is encrypted and secure, and you can choose to disable auto-configuration. In addition, this WikiPedia article on TR-069 confirms the Plusnet information, and would suggest that the process is secure. On Friday (19th December) Plusnet did some maintenance on their TR-069 and password systems, so hopefully the latest software and security patches were updated at that time. If your concern about TR-069 auto-configuration is as a result of recent press articles on the "Misfortune cookie" attack which can break some systems, then that topic is being discussed in this forum topic "Is TG582n vulnerable to Misfortune Cookie?" and at this time the Plusnet router is not listed as a model that vulnerable to the attack. I had earlier seen the press articles on this particular attack and had already checked various router vulnerability databases, and had come to the conclusion that the Plusnet routers ware not vulnerable. I don't know whether you are aware that Plusnet have a "Broadband Firewall" on their end of your connection, which you can configure to your desired level of protection, which can be used to prevent unsolicited connection attempts from the internet from reaching your home modem/router. If you have that set at an appropriate level then your router will have an additional level of protection from intrusion attempts that are attempting to discover backdoors on your connection. I hope that has put your mind at ease !