Eugene's observations

Once upon a time there was little need to put a secure password on the management page of your router - after all, the bad guys would have to enter your house before they could do anything, right ? Times have changed though and now passwords are a sensible precaution as the default passwords are trivially easy to find out and the manufacturer of your router is easily identifiable from the MAC address.

It is possible for a mobile app to be hijacked so that it can be made to scan local wireless networks (to which you have legitimately connected or are just accessible but unsecured) and with unfettered access to the router it would be possible for it to modify it so that traffic gets diverted to a password seeking proxy, or modify DNS to redirect some addresses to phishing sites. In neither case would the router's owner know that they were being scammed.

Whilst here a word about encryption of wireless signals. Unless you have a particular reason not to (*), always secure your signal by the strongest method compatible with your devices - WPA2/AES ideally. The chances of an open network being used for nefarious purposes could be rare but are certainly real.

* I can't think of any reason for having an unencrypted network. If you own a pub or hotel then you should invest in a router capable of being accessible to guests knowing a password and offering more than one access point. Performance is not a concern as it used to be. There must be some good reasons but I can't think of any now.