Questions about connecting to Alexa?

I think the local tunnel and IFTTT approach is madness; in fact avoiding the use of anything that required an outside service other than Alexa itself (which doesn't require a hole in the firewall, since it initiates the connections) was a key design requirement for me...

You're communicating between a device in your house, the Echo, and another device in your house.... And you're going to go outside the house, then make a call back in from the outside internet through a hole you've poked in your firewall?!

1. This adds points of failure (whatever means you use to get through the firewall, external service that could be shut down or made a pay-for service in the future at the whim of an external organization) which are out of your control.
   
2. This adds a tunnel from the outside internet to your Espruino. This strikes me as very dangerous; I have no confidence that the Espruino HTTP server will hold up to an aggressive attack - I operate under the assumption that there exists an unknown vulnerability (probably several) by which a malformed request could execute arbitrary JS, and hence no Espruino should be exposed to incoming connections.
   
3. Your IP address changes occasionally, meaning you need to either set up a domain name and have it autoupdate (which is often finicky) or keep changing the IP address every time it changes.