The problem with these devices is that they want to communicate via a vendor's server, so a firewalled network will certainly improve security, but will massively reduce usability.
I wonder if a proxy device with some smarts regarding data transmission patterns (learned from when a device is newly added to the network) could provide some security.
Get a new device, plug it into a locked-down network that passes all packets through a deep packet inspector connected to some ML. Add in proxy features so if the vendor turns off their service, your personal network MitM can mimic the server on the other side.
I doubt this is feasible due to the fact that consumers clearly value "it just works" (implying simplicity/less security) over secure/private. (And probably a bunch of other factors I'm not thinking of.)