but a TV has a limited functionality.
A SmartTV is not so much different from a normal computer or smartphone. The limits of the TV are mostly based on the software and on the hardware. Especially it can behave much differently with a modified software.
A rooted TV might have different functionality than intended by the vendor. And a compromised TV usually has different functionality than intended by the owner of the device. In both cases it is still the same device, only with different software and no longer limited by what the vendor intended.
I recommend that you view a SmartTV as a potentially vulnerable device, which is both connected to the internet and your local network. Internet access might lead to internet triggered exploits, which then can lead to a system compromise. Then you have a compromised system in your own network which might help the attacker to propagate to other systems in your own network.
Even if you strictly separate the SmartTV from your local network it will still have access to the internet and might be used as part of botnets to attack other systems - see for example New Mirai Botnet Variant Targets IoT TV, Presentation Systems. And if the TV has microphone and/or camera inside it might be used to spy on you.
So the only safe way to operate such a system would be to disconnect it from both the local network and the internet. Unfortunately this would make it kind of useless for typical use cases. Less harsh would be limited connectivity, i.e. restricted to only the necessary sites. This will decrease the attack surface and also the misuse which can be done if the device gets compromised.
