An embedded device running, say, FreeRTOS+LWIP has a lower chance of being exploited on the open internet than the reverse proxy devices that people are suggesting are used to protect/firewall it. I mean, it's a custom device requiring target specific exploits to be discovered (what nerd would spend time on that?), no command shell, no scripting, binary executable in FLASH (disable RAM execution) and with infinitely simpler code (compared to full OS of some kind) which in itself reduces probablity of exploits.
....and you better keep that proxy OS updated or some port scanner will find it and use a yet-to-be-discovered expolit (shellshock, heartbleed part deux).
That said, I wouldn't use the relays to control something valuable.
IMHO