Wouldn't like to comment about the security and privacy of Sky Broadband equipment.
As for the BT equipment, personal view is that it is undesirable for the operating system of the VDSL2 modem to be accessible by anyone other than the end-user himself.
The TR-069 remote management software in the modem relies on a private asymmetric encryption key for remote access. We do not know who holds a copy of that key.
We can assume that one keyholder must be British Telecom, since the public key that is found in various models of CPE from both ECI and Huawei is identical. However, we do not know the security under which the corresponding private key is held. Maybe British Telecom shares the private key with third parties such as other Communications Providers.
All that said, my hunch is that the security of the modem from casual attack remains good, so long as the crypto system has been implemented properly, and secure key management is maintained. The private key is a 2048-bit RSA key and a brute-force attack remains infeasible.
Further, the TR-069 socket-based services in the modem are only 'listening' on tagged virtual Ethernet channel 301. For security reasons, VLAN 301 is filtered on the WAN-side, either by the DSLAM in the cabinet, or in the exchange, or somewhere beyond that.
For 'Harry Hacker' to remotely crack one of these VDSL2 modems would probably involve cracking the DSLAM first. Nothing is impossible of course. But perhaps the greater risk comes from running negligently patched, infrequently updated or obsolete software on the PC itself.
cheers, a