Right. They can't be routed (that is, cross IP network boundaries), but the packets could conceivably be seen on the other side of the modem itself connection. This could be at the phone company, the ISP (if it's different from the phone company), or someone that has tapped your phone line.

Effectively, the phone company is using ATM as a bridge between two segments of an Ethernet network. Part of the PPPoE protocol is discovery of the MAC address of the PPPoE "server", and it accomplishes this via a broadcast Ethernet packet. I don't see what would prevent other broadcast Ethernet packets. And that sort of a bridge is not really any different from the way Ethernet switches (as opposed to hubs) work nowadays anyway.

So the question is: are you okay with one of the ports on your LAN Ethernet switch being connected to your ISP, through the phone company through a largely physically insecure series of copper and fiberoptic cables?