Folks, please (heavily) consider silent.link .
🔽🔽 Here's some info about why their particular esims are more secure than your average ISP controlled eSim:
Discussion
The real issue is the phone number. That's the attack vector. Allowing inbound only remediates that issue entirely. But most people feel they can't live without a number. I'd argue the contrary.
Remember, privacy is a layered approach. Otherwise it's called "secrecy" and you don't want that, cause then you be one a target, like a government agency.