as long as there is a plan, that's good. small steps to the big plan are also fine.
it's when people say 'hey, this is a controlled lan, we don't need no stinkin' passwords, etc etc'.
when the ethernet 'shield' first came out for the arduino and I saw the ultra shitty driver for it (still shitty, but that's beside the point), I asked 'what's the point of this, as it will be a node on the ip network and yet have ZERO security to it. why even bother?'. the question was not really answered, just lots of noise about security not being needed (damn). they didn't 'get it' or just refused to see how bad it is to have IoT stuff without a good security story to go along with it.
then, the rasp pi style cheap boards became very popular and suddenly, we had a PROPER ip stack and all that went with it, for about the same price as an arduino and official ethernet shield. why mess around with hardware ip stacks that are non upgradable, non patchable and don't even come close to the features and security of a software ip stack, such as the raspi?
I like the idea of a small 'ip stack on a chip' or small board, but if it's going to touch real world things, I do insist that there at least be a story for how to secure it down.
oh, and this story was just on slashdot recently, about the 'least secure IP device they ever saw':
http://it.slashdot.org/story/15/05/06/2215205/researcher-drug-infusion-pump-is-the-least-secure-ip-device-hes-ever-seen