>that means the traffic is vulnerable to some sort of MITM attack by DNS poisoning/packet rerouting

Because it uses https? OP gets around this by manually injecting his certificate, but if you have physical access to a device it's generally considered to be game over in most threat models.

> if the device allows this sort of fakery, that means the traffic is vulnerable to some sort of MITM attack

No. This is a thermostat at your home. It forwards its DNS requests to your router. Feel free to establish whatever security protocols you need there. Or, even better, host your own server.