[parasubvert]

Normal paper printers concentrate print services to a Windows or Linux print server that authenticates users before they submit a job. All the direct ports on the printer are firewalled and restricted to the print server.

The main issue is that paper printers are a terrible legacy technology that didn't evolve much and are grandfathered into corporate security, whereas any new technology or new vendors have a much higher bar to pass before they're let on networks. Yes, there are many workarounds like VLANs, firewalls and black hole routes etc but they're usually treated as exceptions these days.

The TOS is meant to cover worst case scenarios, such as, the x509 certificates on the printer expire, or a major vulnerability is found. The printer is a hybrid cloud connected or LAN connected service and thus it's reasonable to warn users they need to update periodically because Bambu doesn't want to be exposed by for unpatched backdoor attacks etc. This is a similar issue with MacOS or Windows where you cant use your web browser securely after a few years of missing updates, or other connected devices where you must consent to automatic updates to use the device (Google Nest or Amazon Ring devices come to mind). Bambu is actually being better than most device companies in that they are just requiring this for crucial security updates and they don't require an internet connection: you can patch it via SD Card.