While all of that may be true. How many times in real world scenarios has it actually happened? What percentage of Jeeps have been "taken over" by hackers? How many Ring doorbell owners have had their homes entered by the same? You are still far better off with one, than you are without. Even the Pentagon gets hacked.
No other Jeeps have been taken over by hackers that I know of, but enough people with Ring doorbells have been spied on to make me not want one. A ridiculous number of IoT doorbells and security cameras have been hacked. Two Romanian hackers took over two-thirds of the District of Columbia's outdoor surveillance cameras just before President Trump's inauguration.
In October of 2016 an attack shut down huge parts of the internet including Twitter, the Guardian, Netflix, Reddit, and CNN. It slowed down or fully stopped the internet for nearly the entire East Coast.
The Owlet baby heart monitor is completely unencrypted and doesn’t require any authentication to access. That means that someone can hack into the system if they’re in range and prevent alerts from being sent out to parents. And hackers go from one easy to hack thing to another one on the same WiFi network. The next thing you know they control everything in the house.
An ex-husband cranked up his ex's heat for several days while she was on vacation, driving up the utility bills, then cut the heat off when she got home so it dropped down to 40 degrees in the house. At least two housing blocks in the city of Lappeenranta, Finland were shut down leaving their residents in subzero weather.
In 2016 The FDA confirmed that St. Jude Medical’s implantable cardiac devices have vulnerabilities that could allow a hacker to access a device. Once in, they could deplete the battery or administer incorrect pacing or shocks.
TRENDnet marketed its SecurView cameras for various uses ranging from home security to baby monitoring and claimed they were secure, but they had faulty software that let anyone who obtained a camera’s IP address look through it and sometimes listen as well.
CloudPets toys left the emails and passwords of parents, as well as the message recordings themselves, exposed online to hackers. Anyone within 10 meters with a normal smartphone can just connect to it and send and receive commands and data. Cybercriminals have held the database for ransom at least twice.
The list of hacks on IoT devices goes on and on. There seems to be no end to it.