Well it's not that bad:
* All the attacks are over-the-air wifi attacks, not ip-based, so they can't be routed
* Almost nobody uses EAP on those ESP chips, probably (someone, somewhere probably does and has deployed 500k devices
)
* If you crash it or hang it, there is a hardware watchdog that the firmware should be using!