I set up a spare MX67 and replicated the conditions. First, it was attached to the network and downloaded a configuration. Then it was disconnected from the WAN and left offline for a few days. Then a computer was connected to one of the network ports. The MX67 was found giving out the 192.16.0.x IP addresses and the local status page had reverted to the default username and password.
To me, it looks like a fail-safe mode that has the unfortunate side effect of making a major outage worse by removing access to local resources. I could see some reasoning behind designing this type of fail-safe, but it seems the developers didn't take into account the fact that local servers tend to have static IPs.