Can't help much with the security, but IoT security is typically hilarious. I have a potentially nice Linux/MIPS-based Onion Omega 2+ IoT board. When it's on a wireless network, I can't find a way to turn off its access point. As the AP has a trivially-guessable default password, it would open a nice hole into my network. Well, it would if it weren't wrapped in a box, unplugged ...

I sometimes wonder if the extreme cheapness of some of the WiFi IoT things are predicated on being able to mine valuable info from owner's networks. I'm particularly thinking of the <$10 ESP8266 boards - if you're not paying for the product, you *are* the product. 

(Sorry I won't make it out for the meeting, but I did slightly over-promise myself for a Raspberry Pi event on the weekend, so soldering and acrylic varnish must prevail. It's good to be working again: Elmwood Electronics - https://elmwood.to - has all the best toys.)

 Stewart