You plug the ISP cable into your single eth port. You don't know at this point if the ISP on the cable is up or down. Bad luck, the ISP is down. If you make the auto-switch based on DHCP/PPPOE, in such a case that auto-switch will switch that single eth port to LAN. You will happily handle DHCP on that WAN port because OpenWRT assumes it's LAN. And from this moment it's all up to the ISP infrastructure to defend you, something that you don't control.
I can make an even worse scenario here. You already have a device connected to the ISP and that ISP is using DHCP to give the IP. At this moment you assume the ISP is up and running. So you decide to plug the cable into that single eth port device (in this particular case I assume you have 2 cables from the ISP, so you still have one connection that you know is working). But between the moment when the first device got the IP via DHCP from the ISP and the moment when you plugged the cable into your particular 1 eth port device, the ISP DHCP started to malfunction and it no longer answers DHCP requests (your already connected device doesn't need it yet), but the rest is fine on the ISP side. Your 1 eth port device will think it's connected to LAN if it uses DHCP to check whether it's connected to WAN or LAN, while in fact it's connected to WAN.
And yes, if the device has TFTP recovery via the bootloader, an electrical power cut can easily get your device bricked. You have the ISP eth cable connected when the power cut happens. Your device boots faster than the ISP internet routing devices, the ISP switches on the other hand boot faster than your device, the ISP switches don't have client isolation (badly configured, configuration got corrupted due to the power cut, the ISP just doesn't care to implement client isolation, etc), some hacked device that is in direct connection (made by the ISP switches) with your device happily TFTPs some trash, your device will happily flash it because it assumes it's safe, enjoy your bricked device.
We don't know what device it is. I know a particular device that was sold in 3 versions having the same hardware: 1) router, 2) repeater/AP, 3) some sort of VPN tunnel device. From the interface you can't cross-flash it, but you can cross-flash it using TFTP (you can flash whatever crap you want actually, it doesn't check anything, it just happily flashes it). So I will just assume the worst case.
The same electrical power cut happening when your OpenWRT has that eth set as WAN will make OpenWRT set that eth as LAN if your OpenWRT boots faster than the ISP routing starts (in my particular case, in such a situation my OpenWRT router boots faster compared to the ISP re-linking, basically my OpenWRT after booting has to wait 3-7 minutes for the ISP re-linking, and the bad part is that the ISP switch (in front of my router) is up before my router has finished booting (on that particular ISP switch there are 10+ neighbours' routers and they care so much about the security of their devices that 2 wireless networks have no encryption, 1 is on WEP, and 2 WPA ones got compromised by a brute-force dictionary attack (some years ago I wanted to see how secure my neighbours' wireless networks are, don't worry, they haven't changed the passwords (all 5 had unchanged admin passwords and when trying to connect to the router it was even telling me the name of the device...)), so at least 5 devices that are a bad joke (I doubt any of the remaining neighbours' routers is running OpenWRT (the mentality around here is plug it in, do some basic setup to get it running and forget it exists, even equipment from the ISP is in the same situation, taking into consideration the ISP doesn't have a UPS it's risky to remote flash it because a power cut will brick the device, the ISP had UPSes years ago but their battery died and they removed them...) 
and some of the devices are actually old (even if by a miracle the owner did a firmware update, it has no longer been receiving updates for years (on my main router, if I return to stock firmware and connect to the internet, in 15 minutes I totally lose control of the router, I can't even access the web interface, but the internet is working, that's how secure a 10 years old device running stock firmware is (without OpenWRT there would have been no IPv6 support on my 10 years old router (DD-WRT doesn't have IPv6 for it) and I would basically have had to trash a device that can still be used)))); and yes, that ISP switch doesn't do any client isolation between the clients connected to it, it only does on the uplink (at some point it was the normal PPPOE connection and the ISP was giving a secondary LAN IP and you could see the neighbours from the entire town on that secondary LAN IP...))...).
A UPS/generator will not really help you if that power cut lasts longer than what that UPS/generator can do.
I even have a relative that had the wireless network without any encryption until last year. Keep in mind it's a wireless g router, so I can happily assume that my relative has run that wireless network without any encryption. The router username/password was the default one. I only managed to make my relative use encryption on that router. I couldn't make my relative understand that she's using a device with known security problems. I offered a router with OpenWRT for free (without updates done on the router the situation wasn't great, but still better than the current one) and my relative refused my offer. Nothing I can do in such a situation. And we are talking about a relative here and I failed, ask yourself what my chances are to make a stranger understand...
Another relative has OpenWRT 15.05 on the router. I will ignore the fact that it is running an old OpenWRT version. It's still better than the stock firmware that has actively used exploits. The main problem is that the router had no root password. Because that relative asked me to fix some problems on his PC, I basically had access to the wireless network. Due to the lack of a root password I had access to the entire router configuration. And from this moment it's all about that person's intentions.
Asking them to put a password? Some years ago I installed Windows on the PC of the gf of one of my friends, he asked me so I happily helped. I asked the girl to tell me an admin password and to note it because I would not remember it. She told me the password and noted it. You know what happened 6 months later? She called me and asked me for the admin password... You can bet I didn't remember it. I asked her to tell me that password and to note it so she can know it when she needs it. Me having the passwords of the people I help is at some point gonna become hard to handle, a security risk. Technically speaking there is no reason for me to make and keep such a list.
Such a device can easily become compromised. And if your device thinks that single eth port is LAN when in fact it should be WAN, you are just asking for trouble, because 1 single compromised device that can access your device is enough to cause trouble.
The entire idea is that you don't control when the ISP has problems, when a power cut happens, or how long it will take for the ISP devices to re-link.
My idea with a button to do the change is somehow better. At least after a power cut it will still assume it's WAN. The bad part is that you always need to know how you left it set. Maybe use an LED to show the status... I'd rather buy a used router that supports OpenWRT than deal with a 1 eth port device for a WAN/LAN case.
The TFTP bootloader recovery on the other hand is outside OpenWRT's control... For this part you basically need another device in front of your router to filter it. And if you put another device in front of your router (a device that clearly has at least 2 eth ports), maybe you can just use that device to do the routing and let that eth port on your 1 eth port device always be LAN...
L.E.: Let's assume I'm the ISP. Let's assume I used DHCP to provide internet. If I see a device that is not mine acting as a DHCP server, I would blacklist it from the closest node to that device. In such a case the 1 eth port device that thinks it's connected to LAN, but in reality is connected to WAN, will end up blacklisted in the managed switch it connects to. So you will basically end up without any connection. From my point of view I'm dealing with a device that is not working properly and I wouldn't want to see it causing problems on my network. A DHCP server on the WAN port is a big NO for me. If it happens a couple of times I will no longer remove the blacklist, because I have to force you to change the device because you clearly don't want to understand. Sorry, but there is just no other way when the other side refuses to understand/just doesn't care.
L.E. 2: Someone might complain that probing the wireless security of my neighbours is not legal. We use encryption to prevent unwanted access to the wireless network. The fact that 2 fell to a simple brute-force dictionary attack is plain bad. I'm not even supposed to be capable of doing it fast, because that AP is supposed to temporarily blacklist me after several failed attempts, but I was never blacklisted. At this point it's not only a user mistake, it's also an issue with the stock firmware (the devices were running stock firmware, probably the version that was installed when the device was bought).
Based on the legislation in my country, in the worst case I'm in the grey area. In other countries it might be illegal.
As long as I know I don't do anything malicious on the neighbour's router I have no moral issues with it.
And with wireless someone with bad intentions can do it from outside the building. That's the big problem.
L.E. 3: The entire problem is that you can't just assume that all devices outside your control are safe or that all people have only good intentions. I prefer "Better safe than sorry", even if I might push it to extremes.
Long post cause I kinda exaggerated with some examples of how bad security is in some cases (either due to user fault (no password, weak encryption, easy to hack password, not updating the firmware) or stock firmware bugs).
I have no bad intentions. I just want to improve some things, that's all. I know some people think that I might have something with them when I write some things. The reality is that I just want to point out some of the things that maybe they missed, we are humans and we all make mistakes, we miss things.
I'm that type of person that prefers to be told why I did something wrong, with details. It helps me understand what exactly I did wrong so I can improve. Just telling me I did something wrong won't help me because I won't know what exactly I did wrong or how I did it wrong.
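
Added example (not part of the original post and not OpenWrt code): the probe-based auto-switch failure mode described in the post, run next to the persisted, button-set role the author prefers. The function names, the state-file path and the four boot scenarios are constructed for illustration.

```shell
#!/bin/sh
# Added illustration, not OpenWrt code; names and scenarios are constructed.

# Constructed boot scenarios: "<what the cable really is> <DHCP probe result>"
SCENARIOS='wan offer
wan timeout
wan timeout
lan timeout'
# 1 ISP healthy, 2 ISP down at plug-in, 3 ISP DHCP silent after power cut, 4 real LAN

# Policy A: probe-based auto-switch. Silence is read as "this is my LAN".
role_auto() {
    case "$1" in
        offer) echo wan ;;
        *)     echo lan ;;
    esac
}

# Policy B: role set only by the operator (button) and persisted.
# Missing or corrupt state falls back to wan, the firewalled role.
role_sticky() {
    role=$(cat "$1" 2>/dev/null || true)
    case "$role" in
        lan|wan) echo "$role" ;;
        *)       echo wan ;;
    esac
}

# Button press: flip the persisted role; rename keeps old state on power loss.
toggle_role() {
    if [ "$(role_sticky "$1")" = wan ]; then new=lan; else new=wan; fi
    printf '%s\n' "$new" > "$1.tmp" && mv "$1.tmp" "$1"
    echo "$new"
}

# Count scenarios where the port is really WAN but is treated as LAN.
count_exposed() {
    n=0
    while read -r truth probe; do
        if [ "$1" = auto ]; then decided=$(role_auto "$probe")
        else decided=$(role_sticky "$2"); fi
        if [ "$truth" = wan ] && [ "$decided" = lan ]; then n=$((n + 1)); fi
    done <<EOF
$SCENARIOS
EOF
    echo "$n"
}

echo "exposed: auto=$(count_exposed auto /nonexistent) sticky=$(count_exposed sticky /nonexistent)"
```

If the persisted role is left at lan while the cable is really on the ISP side, Policy B is exposed in every WAN scenario, which is the post's caveat that you always need to know how you left it set.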