I mean the alternative was installing the proprietary app so I would say this is still a big win. But also yes, any wifi capable device in your home with no authorization is clearly a disaster waiting to happen.
I don't disagree that it's a huge improvement over some proprietary app but I still don't think "using the light's API as designed" counts as pwning it.
It's the same API that openHAB or Home Assistant would consume to control it.