... or smart anything else in the IoT world.
Pretty much every single IoT device you have connects to your wifi. And therefore knows your wifi credentials. And where (and how) do they store your network SSID and password?
I don't know how this works in the US but here I bring light bulbs and other electronics to a specific location. From there, an adversary would have to :
(a) gain access to the location and find "my" bulb.
(b) extract the passwords
(c) war drive a zone of about 20 square km to find "my" network.
(d) sit outside my door (there is no obvious line of sight location that would give them distance)
Given a dedicated IoT SSID when push comes to shove, I guess I'll be fine.
Risk is in the eye of the beholder
That's true; unfortunately many are blind to the risks or tend to overlook them. Most of us in IT Security are well aware of risks, and take measures to mitigate them --- but not everyone does.
In your case the probability & impact of someone exploiting the info from IoT devices is low, so the residual risk of using such devices is acceptable. I suppose there'd be little / no profit for someone ravaging through a dumpster to find an IoT light-bulb you've used...
But picture someone whose general IT Security is very lax, like in the situation below:
And the list goes on. The scenario I've painted might seem incredulous, but I've seen many like it...
If this someone is sitting on a gold mine, uses IOT devices & fails to dispose of them properly, the potential gains of retrieving the devices & extracting info from them may be well worth it to someone with motivations.