Peasant
Would SME be secure in this situation?
Personal opinion/preference again will decide the answer.
In server only mode, the sme server MUST be protected by an firewall, and punching a hole in an existing firewall/router is an acceptable approach.
Using this "layout", results in two devices to control, and possibly complicates some setup depending what else you may want to do.
Going the "whole hog" as you describe it, and putting your server in server gateway mode and utilising the firewall in sme server will achieve the same end result, but put all administration settings within the server itself, ie creating one point of administration, and in my opinion lowering the administrative complexity.
As far as which method is more or less secure, as ports are effectively forwarded to services in either case, then there is no real security differences from that point of view.
I personally feel the sme server in server gateway mode which is kept regularly updated, will be more secure in the long run, as the kernel gets updated, thus ensuring any potential kernel related security bugs are non events, as well as other access applications being updated too eg ssh etc.
A hardware router may not ever be updated unless there are software/firmware upgrades released and you make the effort to do the upgrades too.
In either arrangement, ie server only + router versus server gateway + modem, the real security weakness will be in web applications, and having weak passwords and opening lots of services to the Internet, and allowing inappropriate access eg ssh access via password instead of via public private key and so on.
In server gateway mode, the Server manager has a good port forwarding & opening panel to allow you further control. You can also set any services to private access (rather than public) by simple db commands.