it shouldn't need to touch almost any code in the OS - the UART can pretty much receive raw bytes. There's no signalling layer besides start/stop. The serial "stack" is tiny - as long as you don't somehow manage to involve the OS's terminal emulation layer, which should generally not be a concern - compared to TCP/IP.
there's no risk of accidentally leaving a service listening on the machine
it's incompatible with normal network connections - don't really have concerns about somehow connecting it to the Internet.
all network adapters on the machine can be disabled, rather than "only one network adapter"
But the main point is the reduction of attack surface going from a general-purpose networking stack to a bidirectional stream of bytes.
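An added example, not part of the original comment: on a POSIX system, one way to keep the tty line discipline (assumed here to be what "terminal emulation layer" refers to) out of the path is to put the port into raw mode and verify it before reading. A pseudo-terminal stands in for the serial device so the code runs without hardware; the function names and sample bytes are constructed for illustration.

```python
import os
import termios
import tty

# Constructed sample: payload mixed with bytes a cooked tty acts on
# (Ctrl-C, CR, Ctrl-D, XOFF, DEL). Not taken from the original comment.
SAMPLE = b"\x03key\rdata\x04\x13\x7f\n"

def processing_enabled(fd):
    """True if the tty would still interpret, echo or rewrite bytes."""
    iflag, oflag, _cflag, lflag = termios.tcgetattr(fd)[:4]
    return bool(iflag & (termios.ICRNL | termios.IXON | termios.ISTRIP)
                or oflag & termios.OPOST
                or lflag & (termios.ICANON | termios.ECHO | termios.ISIG))

def read_exact(fd, n):
    """Raw ttys may return short reads, so loop until n bytes arrive."""
    buf = b""
    while len(buf) < n:
        chunk = os.read(fd, n - len(buf))
        if not chunk:
            break
        buf += chunk
    return buf

def cooked_read(data):
    """Default tty settings: the kernel edits the stream before the reader sees it."""
    master, slave = os.openpty()  # pty pair stands in for the serial link
    try:
        os.write(master, data)
        return os.read(slave, 64)  # canonical mode hands back one line
    finally:
        os.close(master)
        os.close(slave)

def raw_read(data):
    """Raw mode: every byte reaches the reader unchanged."""
    master, slave = os.openpty()
    try:
        tty.setraw(slave)  # clears ICANON, ECHO, ISIG, ICRNL, IXON, OPOST
        if processing_enabled(slave):
            raise RuntimeError("tty is not raw; refusing to read")
        os.write(master, data)
        return read_exact(slave, len(data))
    finally:
        os.close(master)
        os.close(slave)

if __name__ == "__main__":
    print("cooked:", cooked_read(b"key\rdata\n"))  # CR rewritten, split by line
    print("raw:   ", raw_read(SAMPLE))
```

On a real port the same `tty.setraw` and `processing_enabled` calls apply to the file descriptor of the opened serial device instead of the pty.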