As with installing updates and other "maintenance issues", I have
no desire to add to my workload. I want to spend my time *designing*
things.

I run the server to save me time handling requests from colleagues for
source code releases. This lets them access the repository and
pull whatever versions they want without me having to get them and
send them. Otherwise, they gripe about my weird working hours, etc.
(and I gripe about their poorly timed requests for STATIC resources)

There is some overhead to their initial connection to the server
as the script has to take into account that packets aren't delivered
instantly and retransmissions can cause a connection attempt to be
delayed -- so, *I* might not see it when they think I am.

But, once the connection is allowed, there is no additional
overhead or special protocols required.
I wouldn't "unplug any of the above mentioned drops". I'd let them connect
using their native protocols. This is already baked into the code so "costs"
nothing.

The hiding prevents an adversary from cutting an exposed (e.g., outside the
house) cable and trying to interfere with the system. Just like an adversary
on a factory floor could find a convenient, out-of-the-way place to access the
fabric with malevolent intent. Or, a guest in a hotel. Or, a passenger
on an aircraft/ship. Or, a CAN node in an automobile (!).
I'm a "development lab". I want to spend my time using my tools to
create new products. I don't want to bear the overhead of trying to
keep up with patches for 0-day exploits just to be able to USE those
tools. I am more than willing to trade the hassle of walking
down the hall to another computer (this one) to access my email.
And, if I DL a research paper, copying it onto a thumb drive to
SneakerNet it back to my office. To me, that's a HUGE productivity
increase!
The house network effectively implements a VLAN per drop. My OS only lets
"things" talk to other things that they've been preconfigured to talk to.
So, I can configure the drop in the guest bedroom to access the ISP.
Or, one of the radios in the ceiling to do similarly. If I later decide that
I want to plug a TV into that guest bedroom drop, then the ISP access is
"unwired" from that drop and access to the media server wired in its place.

And, KNOW that there is no way that any of the traffic on either of those
tunnels can *see* (or access) any of the other traffic flowing through the
switch. The switch is the source of all physical security as you have
to be able to convince it to allow your traffic to go *anywhere* (and WHERE).

[So, the switch is in a protected location AND has the hardware
mechanisms that let me add new devices to the fabric -- by installing
site-specific "secrets" over a secure connection]

Because a factory floor would need the ability to "dial out" from a
drop ON the floor (or WiFi) without risking compromise to any of
the machines that are concurrently using that same fabric.

Imagine having a firewall ENCASING that connection so it can't see *anything*
besides the ISP. (and, imagine that firewall not needing any particular rules
governing the traffic that it allows as it's an encrypted tunnel letting
NOTHING through)
Yet another activity I don't have to worry about. Sit in the guest bedroom
and you're effectively directly connected to The Internet. If your machine
is vulnerable (because of measures YOU failed to take), then YOUR machine
is at risk. Not any of the other devices sharing that fabric. You can get
infected while sitting there and I'm still safe.

My "labor costs" are fixed and don't increase, regardless of the number
of devices and threats that I may encounter. No need for IT staff to handle
the "exposed" guests -- that's THEIR problem.
And they would forever be "TAXED" for their choice. Folks are starting
to notice that updates often don't give them anything that is worth the
risk/cost of the update. Especially if that requires/entices them to have
that host routed!

My colleagues have begrudgingly adopted a similar "unrouted development
network" for their shops. The savings in IT-related activities are
enormous. And, they sleep more soundly knowing the only threats
they have to worry about are physical break-in and equipment
failure.

You want to check your email? Take your phone out of your pocket...
Need to do some on-line work (e.g., chasing down research papers
or browsing a remote repository)? Then move to an "exposed"
workstation FOR THAT TASK.

[Imagine if businesses required their employees to move to such
a workstation to browse YouTube videos or check their facebook
page! "Gee, you're spending an awful lot of time 'on-line',
today, Bob... Have you finished that DESIGN, yet?"]
Hence the reason for NOT letting anything "talk" to anything that it shouldn't.
E.g., the oven has no need to talk to the front door lock. Or, the garage
door opener. Or, the HVAC controller. So, even if compromised, an adversary
can only do what those items could normally do. There is no *path* to
the items that it has no (designed) need to access!

With a conventional fabric, anything that establishes a beachhead on ANY
device can start poking around EVERYWHERE. You have to monitor traffic
INSIDE your firewall to verify nothing untoward is happening (IDS -- yet
another cost to install and maintain and police!)
Banks keep the money is well-known places. Most commercial (and free) OS's
are similarly unimaginative. So, *looking* for it is relatively easy.
Especially OSs which use a unified file system as a naming mechanism
for everything in the system ("Gee, let's go have a peek at passwd(5)...")

In my approach, an actor only knows about the items that he SHOULD know about.
So, you may *SUSPECT* that there is a "front door" but the only things you
have access to are named "rose bush" and "garden hose" (if you are
an irrigation controller).

In a conventional (50 year old design!) system, you would *see* the names
of all of the devices in the system and HOPE that someone had implemented
one of them incorrectly. Your task (pen-test) would be to figure out
which one and how best to exploit it.

Had the designers, instead, adhered to the notions of information hiding,
encapsulation, principle of least privilege, etc. there's be less attack
surface exposed to the "outside" AND to devices on the *inside*! (But,
you need to approach the design of the OS entirely differently instead of
hoping to layer protections onto some legacy codebase)