IMO, this comes down to trust -- how much do you trust the devices? If you don't trust them, put them in the IoT network. If you do, you can leave them where they are.
Secondary considerations should be given to any necessary file or service connectivity within your network -- for example, Chromecast/AirPlay type connections can work across subnets, but it's much easier if it's on the same network... so if you're using a device to stream from your phone/computer, you may find it harder if it has to cross boundaries.
Real life scenario: grandparents come to visit and connect to wifi where an Xbox is present; their Androids advertise Xbox Game Pass for weeks after.
Radically, you can micro-segment one device per subnet, then think about what you want to actually connect - say, use the phone as a TV RC, or OTA sync to the phone, etc.
I'd restrict the totally non-interactive devices to only the hosts & ports they are after (in and out).
ESPHome devices have their VLAN, cloud-based devices their own VLAN, guests like my nephew on the guest VLAN as they came with their mobile phones with a lot of games and stuff from who knows where, TV on their own VLAN.
Well, after I moved my Ring doorbell to the IoT network, it keeps disconnecting from the IoT wifi VLAN. I have one dumb AP (EA3500, OpenWrt 24.10.5) just for IoT; wifi signal strength at the door is fine. Tried both 2.4G and 5GHz without luck.
Then I disabled IoT wifi on the EA3500 and enabled IoT wifi on another dumb AP, which has a slightly weaker signal at the door; the Ring connected to it without any issue. That AP, an E3200, has FreshTomato firmware.
Marvell wireless is not exactly the poster child of good drivers/firmware/hardware - and this chipset is quite on the old side as well (802.11ax chipsets bumped the limits for connected clients and interface combinations quite a bit).