A lot of modem-router combos will have a pass through mode (though ISP provided is more dubious both for that and for setting things up to work independently of that) that will disable everything but that for your modem, what you might have done is more use a multi access point setup (quite common for people wanting a bit more range -- run CAT cable to wherever and then stick a router there being the ideal, but distributed/mesh networks are a thing as well and actually not bad these days compared to 10 years ago where it might have halved speed at each step along the path).
Security wise then depends what you are doing. Sometimes for credit card/financial processing things will want to be on a separate network from your guest wifi to be compliant (number of times I see that in the wild... let's not go there). Sometimes the security on the base router might not respect what the other is doing if things are being blocked at router level -- if doing ye boring and basic intro to networks this is where subnets and gateways come in. Likewise if things are connected to the modem sporting router and others to the existing router they may or may not be able to speak to each other depending upon the setup, or need you to do port forwarding on your internet network (as well as possibly have more annoying forwarding if you are passing through a CCTV or something).
For the most part for the average home use then the security concerns would be if the modem-router combo having default settings gets some exploit (password generation algo broken, something akin to the WPS flaw found years ago, external admin broken somehow*) and you are not on top of that thinking it instead just a boring box.
*your ISP probably has this to help grandma, they only asking for passwords if you call them to make you think they can;'t just wander in on a whim.
"redoing everything on a lot of devices"
Can you not just select same security, SSID and whatnot (to include any firewall settings) on the new one? Some Apple devices might complain if they detect a changed mac address of the router (some will allow you to change this too) and claim it is potentially spoofed but eh.