One thing is that HomeKit devices will communicate which hosts and services to allow through a firewall. While that information is commonly documented for enterprise hardware, it's often difficult or impossible to get that info for home consumer gadgets.
Apple is giving people an easy one-click switch and a motivation (security) to block Amazon and Google device services, while allowing Apple devices to continue to work. This switch didn't exist before.
While it is nominally for security, it obviously has competitive implications to encourage ecosystem exclusivity.
If Apple put in a setting that said "Services blocker: HomeKit Only. Block Amazon, Google and other services from your home device", you'd scream proprietary lock-in. They did exactly this, just changed the words to hide it.
What consumer is going to register in a DHCP binding and fiddle with firewall settings for every IoT device? Very few. Especially since most US consumers use ISP-provided routers and they rarely have firewall features to reduce tech support calls.