Telling people to put their baby monitor in the DMZ is not going to solve any of their concerns and is also not going to keep them from being part of a botnet.
Most of the devices in their normal network aren't going to be quite so shittily secured by design. You want to protect your internal network from IoT devices, sure, but you really want to protect those IoT devices from the internet at large.
I'm not quite sure when or where you've figured out how to actually secure an IoT device well enough to prevent it from being used as an attack vector without essentially breaking its functionality, but my entire point regarding DMZ was to address another risk with potentially open file shares on a network.
And do I really want to protect these devices from the internet at large? What exactly is MY direct level of personal responsibility to secure what is essentially being sold to us as a black box piece of hardware that's supposed to be "plug and play"? You know what, how about fuck that shit. I say let the damn things run rampant on a botnet somewhere until it becomes obvious who the culprit hardware and vendor is. Only when manufacturers suffer rather massive public embarrassments that affect thousands of their customers will they actually even remotely try and address the issue. Remember the problem has to be large enough for a manufacturer to actually give a shit (legally, morally, and ethically, which you should already know will take a LOT of financial impact.)
TL;DR - Fuck helping secure black box consumerware. That's the vendor's job, not mine.