We should treat T&M equipment as insecure, untrusted devices when connecting it to networks. It's not difficult in our field, because it's common that tech-savvy people know at least the basics of networking and security.
In an enterprise environment, the IT department should ensure this. In a home environment, even when a user doesn't implement network segmentation, limiting broadcast domains, strict firewall rules, etc., and only connects the T&M equipment to a home router, it is relatively safe. By default it will be behind a NAT with a firewall allowing forwarding from the LAN and blocking from the WAN. It could call home, but can't easily be accessed from the WAN.
Apart from that, I see no justification for manufacturers not implementing basic security measures today. It shouldn't have open ports, default passwords, insecure protocols, etc., enabled by default.