Authentication, Usernames, Passwords?

Having spent some time in cyber security, I can add the following.

Physical and logical controls are important, but you should design your systems assuming that the ‘network’ has been compromised - because a lot of them are. This means that you should add layers of authentication and encryption to those functions that you value.

While a home network may often be compromised - usually by some form of remote control malware - there needs to be an incentive for someone to use that remote control to benefit themselves. Normally it is easiest just to encrypt some data and ask for a few euro, engage in coordinated DDoS or maybe run a mining op, and that reaps some financial reward. Exploiting a weak OH system may not be all that high on their priorities…

However, when someone uses OH to open doors or interfaces with security systems, the weak security is a real concern. Personally, I am working on a bespoke security system and would like to integrate/automate with OH. While I am not implementing a Fort Knox system, it does need to be resistant to likely threats for a home environment. I do consider network compromise a likely threat. I personally think that authentication is essential for any system that controls physical or logical access, whereas it may not be so important if someone can remotely change TV channels or pull your blinds.

I see that @splatch is working on authentication and I am personally grateful that he is progressing this important addition. Pleasing everyone is hard to do and can make it a difficult task. Personally, just having some level of authentication even without role-based, multi-level security would be a great step forward.

Just my 2 cents.

My thanks to @splatch and the other devs.

Ron

2 Likes

Just wanted to give my thoughts… I think some kind of built-in auth would be great. But, as others have stated, no one has stepped up yet. Maybe soon?

Anyways… this is what I would do as a solution to the OP’s problem. Honestly, I’m surprised it wasn’t suggested?!?

  • Assign static IPs to trusted devices >>> really should be done for all devices, with a minimum DHCP scope… what home user needs a 255.255.255.0 mask? :wink:
  • Set up iptables / ufw on the OH server to only allow traffic from trusted devices on the required ports (22, 8080, 8443, etc.). **** Be careful… Make sure you don’t lock out SSH!!!

Done!
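The two steps above, worked through as an added example (this is not code from the post or from the openHAB project): a POSIX shell script that builds an allowlist firewall for the OH host from a list of static-IP trusted devices and the ports the post names (22, 8080, 8443). The IP addresses and the `ADMIN_IP` default are constructed sample values. It prints the iptables (or ufw) commands instead of running them, and refuses to proceed if the address you administer from would not keep SSH access, which is the lock-out the post warns about.

```shell
#!/bin/sh
# Added example, not from the original post: build an allowlist firewall for an
# openHAB host from a list of trusted (static-IP) devices and the required ports.
# Assumptions: openHAB listens on 8080/8443 and SSH on 22 (the ports named in
# the post); the IP addresses below are constructed sample values.

TRUSTED_IPS="192.168.1.10 192.168.1.11"   # constructed: devices with static leases
ALLOWED_PORTS="22 8080 8443"              # SSH, openHAB HTTP, openHAB HTTPS

# Print iptables commands instead of running them, so the ruleset can be read
# and checked before it touches a live box. Order matters: the policy is
# switched to ACCEPT before flushing (flushing under a DROP policy cuts you
# off), loopback and established connections are allowed first, and the
# default-deny policy is set last, after every allow rule exists.
gen_iptables_rules() {
    ips="$1"
    ports="$2"
    echo "iptables -P INPUT ACCEPT"
    echo "iptables -F INPUT"
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for ip in $ips; do
        for port in $ports; do
            echo "iptables -A INPUT -p tcp -s $ip --dport $port -j ACCEPT"
        done
    done
    echo "iptables -P INPUT DROP"
}

# Equivalent ufw commands for hosts that use ufw rather than raw iptables.
# Allow rules go in before the default is flipped to deny, so that an already
# active ufw never passes through a state with no SSH allow.
gen_ufw_rules() {
    ips="$1"
    ports="$2"
    for ip in $ips; do
        for port in $ports; do
            echo "ufw allow from $ip to any port $port proto tcp"
        done
    done
    echo "ufw default deny incoming"
    echo "ufw default allow outgoing"
    echo "ufw enable"   # prompts for confirmation on first enable
}

# Number of per-device allow rules; should equal (devices x ports).
count_allow_rules() {
    gen_iptables_rules "$1" "$2" | grep -c -- '--dport'
}

# Pre-flight check for the "don't lock out SSH" warning: exit 0 only if the
# generated ruleset contains an SSH allow for the address given as $3.
ssh_allowed_from() {
    gen_iptables_rules "$1" "$2" | grep -q -- "-s $3 --dport 22 -j ACCEPT"
}

# Dry run by default; run with APPLY=1 (as root) to execute the iptables rules.
main() {
    admin_ip="${ADMIN_IP:-192.168.1.10}"   # constructed: the box you SSH from
    if ! ssh_allowed_from "$TRUSTED_IPS" "$ALLOWED_PORTS" "$admin_ip"; then
        echo "refusing: $admin_ip would lose SSH access" >&2
        return 1
    fi
    if [ "${APPLY:-0}" = "1" ]; then
        gen_iptables_rules "$TRUSTED_IPS" "$ALLOWED_PORTS" | sh
    else
        gen_iptables_rules "$TRUSTED_IPS" "$ALLOWED_PORTS"
    fi
}

main "$@"
```

Run it once with no variables set to review the generated rules, then `ADMIN_IP=<your workstation> APPLY=1 sh firewall.sh` as root to apply them. The `ssh_allowed_from` check is the cheap safeguard: it only inspects the text of the rules, so it costs nothing and catches the common mistake of forgetting your own machine in `TRUSTED_IPS`.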

Hi there,

I found a way to manage authentication with detailed access restriction for the REST API done by a reverse proxy.

1 Like