How many of those get exploited on firewalled networks before they're remotely patched though?
My whole point above is that it does actively hurt, with devices randomly misbehaving at exactly the wrong times. It's not enough to set up everything once because devices get updated and change ports, domains, and protocols. It also makes everything more brittle, requiring multiple inter-VLAN proxies to be running at all times for seemingly unrelated devices to work. That SD card in your raspi died? You decided to update Docker on it and ran into problems? No Sonos for anyone in the house until it's fixed.
There's a real cost to that paranoia, it's just another case of security/convenience tradeoff.