Add that police, logically enough, typicallly don't prioritize responding to burglar alarms and you have 15-20 minutes to loot.
Even worse.. How many routers damn near automatically trust any access to their config system from inside the local network? These days, how many people are hooking their alarm and camera systems up to said router?
Oh, and there's those nice doorlocks that talk to your phone via bluetooth or the local WiFi (if you're close enough to be on your local net, you're close enough for the door to be unlocked), and other ones that use NFC/RFID.. All of which are configured by a HTML/JS-based app on the device's internal webserver, which of course talks to anything in the localnet IP range...
If you can run arbitrary code on a device linked to the local lan, it's feasible now in a lot of homes that you can take over the security of the home. And heating and other devices as well. Why, you could totally piss the owners off by starting their web-enabled at a time other than when they specified!