I can take care of the security myself with separate IoT VLAN and hidden SSID and firewalling and so on, and I would rather not hand both my personal data, and control of my home, to third party "cloud" services if I can avoid it. I appreciate security of WiFI is always an issue, but at least it is mostly a physically constrained issue (i.e. in range of my WiFi) which is a lot tighter than cloud services in China, etc.
The SONOFF switches were interesting. I was a bit against re-flashing them initially, but in fact I think this is working really well. I have refreshed a few with Tasmota and it just works. The Tasmota provides a simple (optional) web interface and talks MQTT. It seems there are a few common open source projects for these, and Tasmota was recommended - thank you.
I had not quite appreciated how MQTT works, and actually it is quite fun. A simple messaging protocol via a hub (MQTT broker. The Tasmota stuff has loads of commands allowing you to configured everything via MQTT. You can even have one switch send MQTT commands to other switches (via the broker) so easy to create two way pairs of light switches, etc, with no control application.
It took me maybe half an hour to add MQTT support to my door entry and alarm system (SolarSystem) using the mosquitto library. This means I can add config to do things like turn on the lights when I open the door to my office, etc.
But MQTT is an odd beast in some ways - it is designed to be really simple for the small simple code of embedded devices, but you can use it with TLS and usernames and passwords as well. This is almost at odds as TLS is a big bit of code for an embedded device (it can be done). Also, the management of certificates is a complication for managing simple IoT. In some ways a simpler approach of a local firewalled VLAN is a lot easier, but then the comms within that LAN are all plain text and not secure. This is an area where an actual local area LAN, locked down, makes some sense.
Of course, I am not new to any sort of home automation - I had a door entry system back in the late 80's using a home made mag card reader connected to a wire wrapped 6502 board I made. But I have not really got on the bandwagon for some of this cheap modern kit like the SONOFFs. My approach, as usual, is to understand the nuts and bolts of these things, so at present a simple MQTT broker (mosquitto) is all I need, but I may go for something like home assistant some time.