Never leave your receiver's root password at its factory default. If an attacker gains entry to your local network, they can easily download your config file.
