Flaws in how 17 models of headphones and speakers use Google’s one-tap Fast Pair Bluetooth protocol have left devices open to eavesdroppers and stalkers.

Link to see devices impacted: https://whisperpair.eu/

  • zarenki@lemmy.ml
    4 hours ago

    My experience is mostly with Sony TVs, which run near-stock Android TV and do have a settings toggle to disable Bluetooth without needing root. Some models need BT for voice search (if mic is in the remote), and to many people losing that might be a good thing, but others seem to need it for basic menu navigation from the stock remote because odd features like trackpad don’t blast through IR. Considering how often I see unfamiliar TVs listed when I look at my phone’s Bluetooth pairing menu, I knew plenty of other TV vendors use constant discoverable mode.

    Having strangers within wireless range (especially for 2.4 GHz, but 5 GHz can be bad too) be able to intentionally and/or repeatedly interrupt what you’re doing with a pairing request at any time absolutely should be seen as a severe security flaw in my eyes. Even if they can’t successfully pair, the request prompt is akin to denial-of-service. Being such a blatant flaw that people often do it by mistake is even worse.