Does that mean if someone knows my password (and has DSL enabled on his line), he can misuse my account.
Absolutely, dial up accounts are vulnerable to this problem too. MTNL is setting the default password to the "CA" string for your tel. account (which shows up only your bill) but then it is _your_ responsibility to change it :)
If ONLY to cope with some strange MTNL eccentricity, and based on my experience with my "responsibility to change it", I urge you AGAINST changing the default password from the "CA" string. Because.... I am aware of two instances (different triband accounts) where on the next day after the change in pw, and internet access was NOT possible, until a complaint was processed and MTNL reset pw back to CA number at their end (which means typically a couple of days downtime). Both the separate instances occured some two months ago.
For the benefit of those who may not be clear/familiar: It should be noted that there are two separate username+passwords on the MTNL triband config activity.
One username+password is for access to the ADSL router. (which was ok to define and redfine as you please, and where the default is admin/admin).
The other username+password is the login for gaining access to the internet (which is the phonenumber+CAnumber, and which I think is a pain-point if you attempt to change the password).
Bye vkb