Since when Comcast/Xfinity Cisco Router changed url from http://10.0.0.1 to https://myrouter.io/?

You do point out a problem with consumer gear in general.  Production run on most stuff is 5 years.  After that, they dump the product, and the security updates are non-existent. 

If there is an exploit, odds of anyone fixing the libraries they used to compile the firmware with are slim and none, unless they are getting a lot of flack from government CISA about their easily remote exploitable product.  Even if there is an exploit for a gateway, and the company fixes it an issues a firmware, it still has to go to Xfinity to be "pushed" to your stuff.  That may or may not ever happen and the QA part to make sure they don't brick your device may or may not happen either.

It's one of the reasons why I'll only use a gateway or modem in bridge mode an run a firewall I can audit security on to handle the traffic.  At least when there's a problem, I can fix it or disable the function where there is a problem.

If it bothers you, then you can probably log into your Cisco settings an select http instead of https for the web interface.  Then you won't get the SSL error or have to add an exception.  Does it matter?  Well, don't administer it from a remote location.  You should have that turned off anyway.  Local traffic doesn't matter (unless you've got a local maulware problem, then you got other issues).  Does the exception matter?  No, it's encrypted locally still.  It's just that the certificate is expired.