In principle it makes sense to give various electrical things in your house a way to talk to each other. For example, we have a PV system with a small battery, a boiler connected to the central oil heating with a supplemental electrical heating coil and a wallbox. Before any excess sun is pushed back into the grid, our house will first charge the battery, heat our water (saving oil) and ask the car if it would like to be topped up. Additionally there are several smart power meters to keep an eye on the grid and various parts of the house. In theory we could also tell our washing machine to prefer homemade electricity, though when we want our laundry done we want it done now, so that’s not going to happen.
These are all systems from different manufacturers and need a LAN connection to talk to each other, and in some cases get other parts to do certain things in order for the system to work.
In our case that network segment is isolated from the internet, though that requires some above-average skills and dedication. Most PV owners just want a nice app with lots of shiny diagrams and can’t be arsed to set up their own IT infrastructure. Most manufacturers want the dumbest possible devices connected to a cloud solution because a) it moves most things that could break (buggy software) from the customer’s premises to them (never mind what happens if/when their cloud breaks), b) it makes it very easy for their app to access all data, c) it gives them a copy of the data, and d) it lets them sell you subscriptions.
So in a nutshell, it’s the same problem as everywhere a computer is involved - until after something really bad has happened, security is just that annoying thing that doesn’t add any value but makes things more expensive and more complicated for everyone involved.
Depending on mood and company, sorted from “aww” to “eww”: