That's fair, though at least resetting would indicate that an attack happened. Default passwords and printed passwords can result in undetected attacks, which are arguably worse.

It doesn't change anything in this case though, you can't use the default password against a tp-link device after it's been onboarded.