SECURITY DISASTER. Web Services Management exposed to the public internet! (with workaround)

Today I discovered that my router's web interface was exposed to the world on port 80! That's scary!!

The web UI told me that "Turn Remote Management On" was unchecked, but apparently that didn't matter.

In a bit of a panic I took a backup, erased the firmware, and tried again. Router's web interface still exposed to the public!

I have been running V1.0.4.68_10.1.75 for ages because I have learned that updating firmware is a bad idea (loss of dlna, bad performance etc), but I decided to update to the latest firmware, V1.0.4.76_10.1.82 in the hopes that this was fixed.

Nope. Netgear have REMOVED the "Turn Remote Management On" checkbox altogether and added "Always Use HTTPS to Access Router" option, but that just means that hacker's attempts to access my network are now encrypted, which doesn't help me at all.

Now they don't even PRETEND they can stop people from accessing your router's admin interface from the internet.

This is a bat-**bleep** crazy security disaster! I wonder if anyone cares?

Thanks.

PS: There is a work-around. Port-forward port 80 and port 443 to an IP address in your network with nothing connected to it.

PPS: What is the deal with the editor they've selected for this forum? It's seriously broken!