Hi Manx,
From my point of view, the MCU should not in any way have direct connections to the outside world, and let me tell you why. First of all, I am a software engineer and I do electronics as a hobby, but I like to integrate software concepts into everything that I do. For example, in software there are some principles called SOLID. Let me tell you how you can use these smart principles even in hardware (if not in day-to-day tasks).
Single responsibility - states that a method or a class should not be responsible for more than one thing. For example, if one of the MCU pins is responsible at one moment for blinking an LED but ten seconds later it should read an analog signal, then you have a problem (I am not saying that this is not done, I am just saying that from my point of view this should not happen).
Open-closed principle - states that a class should be open for expansion but closed for modification. This means that you should build your hardware in such a way that later you can add functionality to it without the need to rebuild the PCB. For example, by exposing multiple I2C ports, or by using some multiplexers for digital output ports, and so on.
Interface segregation - refers to the fact that an interface should not contain more than is necessary (this will force the class that implements this interface to implement methods or properties that are not its responsibility). This is also true for microcontrollers. A microcontroller should talk to the outside world through an interface. If it is a digital port, then it should be protected by an optocoupler. If it is an analog port, then it should be protected by a buffer, and so on. By implementing this interface with the outside world, you force the outside world to obey the rules of the interface. The interface states: no signal above 10V should be allowed on a digital input. Someone wants to hack your device and puts 11V on it. In this case either the interface will reject the input or the interface will be fried. In either case (depending on the design) the MCU will be safe. The interface says: no more than 500mA can be drawn from a single output (for example from a ULN2003). This means that if I try to draw more current, either the driver will fail or it will enter a halt mode (depending on the design).
Moreover, if you consider all the SOLID principles, you will see that every "interface" on a board will have its own purpose, and you will know how to isolate your components on the PCB based on their functionality.
Long story short, MCU pins should not be exposed directly to the outside world but through interfaces. An interface forces an implementation and is "publicly" available, while some functionality is "private". For example, if you have an analog input through a buffer, then for sure this will be linked to the MCU, otherwise there is no reason to put that interface on a board, which means that the analog input connector will be "publicly" available (for everyone that will use your board). At the same time, the crystal functionality is a private functionality since it will not be exposed to the outside world.
It is the interface's responsibility to adapt and protect the input and output signals, not the MCU's responsibility. Consider the case when you swap the MCU for one that no longer supports 5V on the input but 3.3V instead. In this case, if the inputs are directly available to the outside world, then all the connections to the MCU should be changed. Otherwise, by using interfaces, you should slightly adapt your interfaces in such a way that they will work with the new MCU. For example, I like to design the analog inputs not as a buffer but using differential amplifiers. In this case I have the possibility to shunt all the resistors and have a buffer, or place some of them and have one type of amplifier.