The security risk is huge, especially with anything that has a camera or mic in it. I wonder how many people forget that Amazon or Google could have a recording of your telephone banking credentials? With some of the cheapo wide open IoT devices it's not inconceivable that someone could call pretending to be your bank, but instead of leaving the line open (that old scam) when they ask you to call them (your 'Bank') back, they switch to an IoT device they have access to and listen in when you genuinely call your bank and give them your login details. If it's sensitive enough, it might even pick up the touch tones from the phone.
I read the other week that someone has managed to develop a programme that can do a pretty good job of predicting what you are typing on a keyboard, just by the sounds the keys make and someone else has developed one that can do the same with a camera, following shoulder and upper arm movements. Scary shit man.