The supposed port on the Pace Gateways started out as minor FUD, and now has turned into a full-blown fire out of control. All due to people who keep spreading misinformation about something that is not really there.
An open port on a hardware firewall is never good, unless intended on purpose by owner of said hardware (not any company), and the software running behind that port is known well and without any exploitable vulnerabilities.
About to just put the Gateway in bridge mode for the 2wire, and use the Netgear as the Hardware Firewall, just not 100% sure on how to do it.
Well, the Netgear also filters incoming traffic, so unless you have opened a port on it, nothing is going to get through to your machines at all without request. (Unless perhaps exploited with its own vulnerability - they have them, believe it or not.) What that means is things you solicit, such as web browsing and all other general usage, work, and things you did not solicit will not.
Disable UPnP on Netgear for good measure.
So, it is secure in that aspect, but still - someone can access your AT&T without your permission. (Notably, likely ISP.)
You can Stealth the port, and that is how it should be. You do also have to have ports open when running a File server, or an IP camera. When a request is made to that device, it should only go to that port, and access only what that port is mapped to on the device from the Router.
Think of port mapping like following a road map across the country. Some exits may be open, others may be closed, while there are some that state on the map that they are there, but in reality are not. That is how the router works. It is told which ports to open and which to close, but should always be in Stealth mode.
That is why, when people state that they did a port scan and found a bunch of open ports, the first thing that comes to mind is why they are looking for open ports. The second is whether the person understands the information they are looking at, from the results that the scan test gave.
If you are connected to the Internet, and worried about someone watching what you are doing, it is too late now. Regardless of whether people think that they can hide what they are doing, those days have gone away.
Modern-day firewalls on today's routers use IPTables. They will Stealth the port, so that it does not show to outside ping requests if it is open, but IPTables on the router knows whether it is open or closed.
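Added example, not part of any post in this thread: a small Python check for reading the three port states discussed above (open, closed, stealth) when verifying port forwards on a router you own. The function names, the `expected_open` and `also_check` parameters and the loopback demo are assumptions made for illustration.

```python
import socket

def probe(host, port, timeout=2.0):
    """Classify one TCP port by how the far end answers a connection attempt."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"         # handshake completed: a service is listening
    except ConnectionRefusedError:
        return "closed"       # actively refused: reachable, nothing listening
    except socket.timeout:
        # No reply before the timeout, consistent with a firewall silently
        # dropping the packet. Packet loss looks the same, so re-test.
        return "stealth"
    except OSError:
        return "unreachable"  # e.g. no route to the host
    finally:
        sock.close()

def check_forwards(host, expected_open, also_check):
    """Compare observed states with what the owner intended.

    expected_open: ports deliberately forwarded (file server, IP camera).
    also_check:    ports that should give no answer at all.
    Returns {port: (observed_state, matches_intent)}.
    """
    findings = {}
    for port in sorted(set(expected_open) | set(also_check)):
        state = probe(host, port)
        wanted = "open" if port in expected_open else "stealth"
        findings[port] = (state, state == wanted)
    return findings

if __name__ == "__main__":
    # Constructed loopback demo: one listener we start ourselves, then stop.
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]
    print(port, probe("127.0.0.1", port))   # listening
    listener.close()
    print(port, probe("127.0.0.1", port))   # no listener any more
```

To test a real forward, run it from a machine outside your own network against your own WAN address; a port that reports "closed" is answering probes, so it is not stealthed.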