I think you misunderstood. On-board diagnostic ports and protocols like UART/JTAG/ISP/SPI offer closer access to privileged busses.
This exposes an attack surface that makes it trivial to dump the firmware of a device without using it as intended.
As for the RS232, that's exactly what it's intended for. That's intended to access an ROS terminal and functions as it should.
User was referring to UART port traces on the board not the RS232 connector. Read next time.
Again complete nonsense. We are talking about UART only. Don't try to include JTAG and other test connectors with direct access to CPU, flash etc. for scaremongering.
Let's compare two boards: RB411 and RB711
Same CPU, but RB411 does have RS232 port that's connected to MAX2323 level shifter and then to UART0 pins on CPU.
RB711 have exactly the same pins routed on PCB to pads marked RX and TX, without level shifter or RS232 connector.
Now tell me, how is RB711 more secure by not having exactly same bootloader menu available on internal TTL UART pins as other board have on RS232 connector?
Only difference is signal level and connector... both completely meaningless in this case.
You get exactly same access to CPU on both boards, yet on one it's disabled by software for no good reason. It would only provide exactly same level of access as on the board with RS232 console connector. There would be no difference in security what so ever. And if you don't want it, it could always be disabled in routerboot, exactly same as on boards with RS232.
You can use a Saleae and have a dump within minutes. I would know.
Try some basic hardware hacking and you'll find that devices without these ports disabled are prime vectors for compromise.
This is further found in various homebrew router communities who need physical vectors for flashing or cert dumps.
I have done countless NAND chip swaps to repair routerboards or to simply get higher license level... so I know how to deal with all this stuff anyway.
But UART is last on your worry list if you are talking physical device security, because then there are other ways how to get information out of the device that are much more convenient.
And talking about "prime vectors for compromise" .. you can simply put device to netinstall mode and load custom kernel from network. Having bootloader console would not change this in any way (and if you know how to disable netinstall, you surely know how to disable the boot menu).
As for homebrew, if I buy some device, it's mine and I can do what I want to do with it. With the state of WIFI support from Mikrotik, running OpenWRT might be only way to actually use this hardware to it's full potential. Devices where I can't run my own code (another good example are phones with locked bootloaders) are on my blacklist and I would never buy such crap. Being able to repurpose old hardware (that might be just a few years old) is only way to deal with e-waste problem. Reuse > Recycle
And if any of this somehow compromises your security, then you are using completely wrong devices for your project, as none of Mikrotik hardware is hardened against access at PCB component level. If you care about someone dumping certificates from your devices, then you want device with signed chain of trust from bootloader to firmware, encrypted flash and memory and other measures.
But back to the original question:
Would having exactly same access on internal UART pins as on external RS232 connector compromise security?