I don’t see how that’s possible, you can’t get certificates for hostnames like homey.local.
Regarding bad WiFi networks: at least that requires a relatively close proximity to the network to be abused. And when it gets abused, it’s not likely that the communication between Homey and your mobile phone is the likely target. Whereas DNS rebinding attacks can be done remotely and can be just as damaging as a WiFi hack.
