Looking at maybe nabbing some smart bulbs, and I’m wondering what the state of security is for these things. Is there a significant security danger to hooking up a wi-fi enabled smart light, or is that largely in the past?
Does using a HomeKit-enabled light mitigate that danger in any way?
And of course any recommendations for your favorite smart lights would be more than welcome.
Nothing has changed.
Your network is as safe as the weakest link inside of the network.
HomeKit-enabled devices are not safe per se. HomeKit’s safety is about how HomeKit devices communicate to HomeKit hubs like Apple TVs, HomePods or iPads. That communication is secure. And yes, HomeKit-enabled devices tend to be more secure in comparison to devices that are not HomeKit-enabled. But that does mean that they are free of any security related issues.
I do not own any smart bulbs. I use Eve Energy for switching devices on and off and that’s it (there are several lights among those). Of course, Eve Energy is using Bluetooth. I never had any issues with the Bluetooth connection, probably because there are HomePods or Apple TVs in every room that has Eve Energys. The advantage of Bluetooth is its stupidity network-wise.
I only do have two Smarthome devices that use Wifi. One is the Eve Energy Strip and a similar device by Meross. I trust Eve and their ongoing updates. I am not so sure, if I trust Meross as much, but they seem to update their firmware quite regularly. I do not plan getting any more Smart Home WiFi devices. I should have created a separate WiFi network for those IoT devices. I should look into that again. Because yes, I consider WiFi IoT devices as the most vulnerable devices on my network. If there are backdoors, I expect them to be there.
If you plan on getting several smart bulbs as of now, you maybe should consider getting a ZigBee solution like the Philips Hue system. Yes, you need a bridge. But, after all it might be no good idea to have simple light bulbs on your WiFi network connected to all of your other devices.
I am looking forward to Thread. Apple and Amazon are backing this new “network” and the HomePod Mini is the first Apple Hub to support it. That of course means buying new IoT devices that support Thread. 
The interesting thing about Thread is that all Thread devices connect to each other and basically form a separate Mesh network solving the Bluetooth range issue, getting rid of the need of proprietary bridges like the hue system, being very power efficient and eliminating having IoT devices on your WiFi network.
EDIT: One more interesting article about Thread: