This is mostly FUD.
Yes, the travel eSIM (and mobile telco in general to be honest) ecosystem is rotten and inbred, with layers and layers of resellers and middlemen feeding off each other whose only purpose is to gatekeep and skim some money off the top.
The actual risks are that the Chinese or any middlemen in between get your device's IMEI, approximate location and voice/SMS/data traffic on the affected eSIM. This means the voice/SMS/data traffic on your normal, long-term (e)SIM is safe.
Your data traffic is safe courtesy of HTTPS. Your normal voice/SMS traffic is "safe" (as safe as your usual carrier secures it, which to be fair is not very much, because they too outsource its processing to the lowest bidder: https://berthub.eu/articles/posts/5g-elephant-in-the-room/). The voice/SMS traffic you generate on the travel eSIM could be at risk, but since it's not your usual number and most of them don't even allow or advertise this functionality, it shouldn't be a big risk since you wouldn't be using it. You should consider all cellular voice/SMS as compromised anyway.
The real reason to avoid those travel eSIMs isn't potential security concerns, it's that all those layers of middlemen mean your latency to the internet is generally around 200ms and speed in the single-digit Mbps regardless of your last-mile access technology, making it really poor value for money. Always just pick up a physical prepaid SIM at the airport/tobacco shop from a local carrier, you'll not only get much better prices but better connectivity.