For a hundred quid, a criminal could buy a WiFi pineapple (or similar), setup a fake AP, sending out fake deauth packets for their real router and waiting for the unlock code to be recorded.
Wow, I managed to make that sound like you need to be done l337 haxor to do. It's really not. At all. And if you really can't RTFM because you have the intelligence of a house brick, you can watch the step by step on YouTube.
It really isn't a good argument to say "not vulnerable" because it is "beyond the capability of most would-be burglars". That is like saying that it doesn't matter that your car may be easy to hotwire but don't worry because they would have to get through the locked door first.
We live in a world where IOT light bulbs leak the password of their WiFi network. Security in the digital age is about layers, not some impenetrable moat on the outside of your castle. You assume that your adversary can see and manipulate any communications between any of the devices and build the security in from the foundation.