If anyone connects HA with their alarm system, I recommend setting up a “Arm Only” alarm code to use in HA. That way if anyone gets the code from HA some how, they can only arm your house alarm and not disarm it.
Not giving HA the possibility to disarm seriously limits your options in automating the alarm system. For many people, the entire point of linking both is to do things like disarm on presence.
It’s all about a factor of trust. How much do I trust the security of a piece of software and hardware and what would be the consequences if it fails ? I would never trust HA my online banking credentials, because the failure mode could be catastrophic. I do however trust it my alarm disarm code (in fact, I trust it my entire alarm system). There are multiple physical and mechanical barriers of entry into my house, the alarm system is just one layer. So the convenience factor is much higher than the risk of it failing in a catastrophic way.
But this perceived and actual relationship of trust with a control software like HA makes it so absolutely vital that incidents like the current one are handled in a perfectly transparent way.
… And usually the people who do “hacking” and can get hold of the code is not the same type that does physical break ins, generally.
I know Hollywood wants us to believe there are people do it all but in reality I believe they are very few.
I think the risk is higher that some drunk/high doesn’t give a … about the alarm (or doesn’t even notice the alarm stickers) and just breaks a window and grabs what they can find in the rush.