I have great respect for Gibson and his work, and I've learned a lot about security from his site, but I wouldn't always take his word as absolute truth. Keep in mind that he designed that firewall-testing tool, ShieldsUp if I remember right, which attempts to connect to an FTP server on the Internet, supposedly to check how secure your firewall is. And, of course, most firewalls will allow an outgoing connection to an FTP server (duh, if you have Internet access you probably want HTTP and FTP access) then tell you that your system is vulnerable. Pfft.

Second, UPnP is created by Microsoft, so you can't expect too much of it. However, it can simplify router configuration a lot in most SoHo networks, where security is not critical. Think of the numerous home broadband connections where only one PC or maybe two are connected to the router, and the user doesn't know more than "plug in, power up, enjoy." Such folks won't even set a password for their network shares, so UPnP security is the last problem to consider. But enabling UPnP in the router and having mIRC use this feature would be a huge step forward for the network-noob. After all, most problems I get in #mirchelp on Undernet are about making DCC work through DSL/Cable routers, and people scratch their heads even when they get a step-by-step tutorial with pictures. "Log in to the router?! What's the password? Oh, in the router's manual? But I didn't keep the manual! Manufacturer's site? What's a FAQ? What are virtual server, ports, IP? I don't understand a thing, forget it! This program sucks." You got the picture :)

Third: I just read GRC's page, and yes - it seems reasonable to disable UPnP on Windows XP, IF it is directly connected to the Internet rather than connected through a UPnP-enabled router. Like any service, it could be exploited somehow, but that doesn't mean it's not useful when used with a router.