I certainly was not made aware of any remote maintenance capability when I signed up with both Spark and Vodafone. The one good thing this article has done despite it's flaws is made people more aware of the fact so they can then educate themselves on the matter and then make an informed decision on whether to disable any remote access capability to their modem.
And if you knew anything about security you'd realise that like disabling Windows updates, disabling TR-069 would be a massive mistake from a security perspective.
The great aspect of TR-069 is that it improves the issue of end user security literally ten-fold. There are so many users with 3rd party routers that have been subjected to security exploits in recent times, and many of those people would be completely unaware of the issue. Own a late model Linksys router? They were all pwn3d last month. Own a Belkin? They've been pwn3d too. Own a D-link? They're been pwn3d too.
By being able to manage CPE if Spark, Vodafone, 2degrees or any RSP that uses TR-069 have critical issues with their CPE they're able to push updates out to mitigate the risk. If you own 3rd party CPE you're on your own.