I believe there was a case recently where that exact situation happened and the owner of the router (and, by default, owner of the service) was held responsible for his neighbor illegally downloading material to his (the neighbor) computer. This was because, like you said, the router's IP address was the IP address used to download the material. Sad thing is, the guy who owned the service had no idea that his neighbor was stealing the connection.
My understanding is that if you leave the connection unencrypted you are in a better position in court, because the prosecutors can’t prove you were the one doing the illegal downloading (etc.)