Ditto. It's for this very reason that I create my own "smart devices" which only have the ability to communicate locally inside my network. When I need to reach them, I do it via a VPN that uses high encryption and specifically tailored non-standard settings.
Trust off-the-shelf stuff likely made in China inside my home? Uh... that's a big fat NOPE.