HDMI can be used to move tcp/ip packets [HEC], all it takes is one media device with connectivity, and a firmware that provides tunneling capability, and your TV will leak over the HDMI connector.
one pin [pin14] on the HDMI connector allows this to happen; disable it and that problem wont exist until specs & standards revision happens.
That is why you connect it to a source which does not have direct internet access. Use an adversarial mindset when dealing with commercial services, they are out to get you after all.
Given how scattershot support is for CEC, is that a real concern? Cannot even get the basics working, are they really going to try and nab external network connections?
one pin [pin14] on the HDMI connector allows this to happen; disable it and that problem wont exist until specs & standards revision happens.
https://en.wikipedia.org/wiki/HDMI