Not OK...I didn't magically understand anything...I'm expecting you to explain something here...
Also, if you're implying that a 192.168.1.1 can be spoofed via Wireless LAN...LOL
The only thing I understand - is that you're implying WiFi, in all its forms, is insecure.
Am I correct?
If someone is this security paranoid, as I suggested:
Using a management VLAN only addresses all your concerns:
- No WiFi
- Physically at device
- Configured to be only port/network LuCI/SSH is reachable from
Last option is console access, only.