- No authentication required (anonymous access)
- Weak or default credentials
- No TLS encryption (plaintext MQTT on port 1883)
- Overly broad topic ACLs (every device can subscribe to every topic)
- Sensitive data in topics (patient vitals, device credentials)
- No message validation (injection of malicious commands into device topics)
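
As an added example, not from the original page or any particular broker, the following Python shows a broker-side or gateway-side check that addresses the last two weaknesses: per-client topic ACLs in the style of Mosquitto's `%c` pattern substitution, and validation of command payloads before they are forwarded to a device. The topic layout (`devices/<client>/vitals`, `devices/<client>/commands`), the client ids and the command schema are constructed assumptions.

```python
"""Per-client topic ACL and command validation (constructed example, hypothetical broker hook)."""
import json
from typing import Optional

# Constructed ACL: a device may only publish its own vitals and only read its own commands.
# '%c' is replaced with the authenticated client id, as in Mosquitto pattern ACLs.
ACL = {
    "publish": ["devices/%c/vitals"],
    "subscribe": ["devices/%c/commands"],
}

# Constructed command schema: allowed commands and the numeric bounds of each parameter.
ALLOWED_COMMANDS = {"set_alarm_threshold": {"bpm_high": (40, 200), "bpm_low": (20, 100)}}


def topic_matches(filter_: str, topic: str) -> bool:
    """MQTT filter matching: '+' matches exactly one level, '#' matches the remainder."""
    f, t = filter_.split("/"), topic.split("/")
    for i, part in enumerate(f):
        if part == "#":
            return True
        if i >= len(t) or (part != "+" and part != t[i]):
            return False
    return len(f) == len(t)


def is_authorized(client_id: str, action: str, topic: str) -> bool:
    """Allow only the client's own namespace; subscriptions must match an ACL entry exactly."""
    if any(ch in client_id for ch in "/+#"):
        return False  # a crafted client id must not widen the substituted pattern
    patterns = [p.replace("%c", client_id) for p in ACL.get(action, [])]
    if action == "subscribe":
        return topic in patterns  # no wildcard subscriptions such as 'devices/#'
    return any(topic_matches(p, topic) for p in patterns)


def validate_command(payload: bytes) -> Optional[dict]:
    """Accept only known commands whose parameters are in-range numbers; reject anything else."""
    try:
        msg = json.loads(payload.decode("utf-8"))
    except (UnicodeDecodeError, ValueError):
        return None
    if not isinstance(msg, dict) or set(msg) != {"cmd", "params"}:
        return None
    spec = ALLOWED_COMMANDS.get(msg["cmd"])
    if spec is None or not isinstance(msg["params"], dict) or set(msg["params"]) - set(spec):
        return None
    for name, (lo, hi) in spec.items():
        v = msg["params"].get(name)
        if v is not None and not (isinstance(v, (int, float)) and not isinstance(v, bool) and lo <= v <= hi):
            return None
    return msg
```

A real deployment would hook these checks into the broker's auth/ACL plugin and into the gateway that republishes validated commands, so that a compromised or misconfigured client can neither read other patients' vitals nor send arbitrary commands.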