If you are feeling particularly paranoid and/or security conscious, a security paper has been published outlining ‘undocumented commands in the BT chip’ made by Espressif.
The bottom line is that these hidden commands allow third parties to become trusted devices and connect to the BT device without authorisation.
Report on the paper here at BleepingComputer
Actual security release is here
UPDATE: Apparently more details have emerged and this is not as big an issue as the reporting would have us believe.