@Helen Do I think it will result in Anova's cloud being compromised? Probably not - the user base may not be big enough to appeal to the hackers - they're all about how big of an impact they can have (well, and the technical challenge).
"just any appliance API using this protocol" - umm, which protocol? The thing about an API with a device is that it is unique to that device. (those are all of the interfaces / triggers you can manipulate with your code). The actual protocols over the wire are how you get there. Those would also need to be published (the bluetooth ones having already been so - though they may have changed with this unit).
The only reason that hackers were interested in near field applications such as bluetooth and NFC are to be annoying (and put a few extra bucks in their pockets when they're at the mall). Keep in mind...a lot of these kids just ride on the coat-tails of the ones that do the heavy lifting - all of the work to find these exploits. Once the exploits are out there in the public, even those with limited abilities can write code to use them. You have to be close by to use the bluetooth radio - that has limited appeal. Now, having many devices connected to a common cloud - that enters the realm of interesting.
As soon as you have common infrastructure, you have a single point of vulnerability for this functionality (yes, yes, you can have multiple data centres and thousands of servers, using load balancing technology so it's fault tolerant), but you provide a common means of attack. An "achilles heel" for your customer base. If you get enough customers connecting to the same infrastructure, it becomes a more appealing target. But, sous-vide hasn't gone completely mainstream yet (I still can't get decent sous-vide racks in Canada) so, we have a certain amount of anonymity keeping this from being a high profile target....for now.
But, someday? Yep, someday there will almost certainly be something published that will give the infrastructure folks in Anova's R&D cause for concern. I'm pretty optimistic that they're going to be highly successful. As long as they have a team keeping their ear to the ground for security threats, they'll be fine (you simply have to patch the holes before too many know about them) :)