I disable it anyway. The fact that UPnP, by design, lets any application communicate with the router and open ports should make any security conscious user uneasy.
Not really. At this point you have already lost and been invaded anyway, and the route out should be of much more concern than than the route in, and if the program in question can open a route in, it's also capable to two way communication without opening a port.
that site is scaremongering at best anyway. notice how it ONLY reports how many "open" routers has been found with the test, not how many secure ones.