Interesting that there's no attempt to break down what 'risk' a potential buyer of such a system might be exposed to.
Personally I'd be concerned about the risks of obsolescence and faults. My (old, simple) heating system is extremely reliable, hasn't had to be modified for the last 15 years, and that's not something I'm willing to compromise.
There are other criteria which a system would have to fulfil before I'd even consider it. The main one would be that it wouldn't have a connection to the internet at all, thereby eliminating risks relating to privacy, hacking, and the reliability of any 3rd party equipment or my connection to it.
To achieve the objectives described in your introduction, it would need a number of sensors and actuators, and a controller with some software and a simple UI. It might make sense to put that UI on a phone app, but only if you can guarantee that this method will last the lifetime of the heating system and not be obsolete in a few years' time. Given the relatively high cost of installing the infrastructure, making the controller fully self-contained (i.e. its own display and buttons) would appear to be the most future-proof way to go. Again, no connections to any external devices are needed.
Hooking all that stuff up to the internet is where it turns from a good idea into a very, very bad one indeed.