IME unmaintained Rust packages usually aren't an issue, because Rust's backwards-compatibility is really good. Only if there's an unidiomatic design or bug in the part that you use, or a security vulnerability.
Rust dependency bloat may be an issue, but with good static analysis maybe not (the compiler can effectively remove dead code unlike JavaScript, and the IDE may be able to effectively filter it).
I wonder if there's a way to do a pass on a repo to remove code that will never be used due to the hardware you're targeting. You do have a good point in that it being unmaintained isn't necessarily the end of the world, I just kinda start to sweat when I think about ZX and see the advisories.
Rust dependency bloat may be an issue, but with good static analysis maybe not (the compiler can effectively remove dead code unlike JavaScript, and the IDE may be able to effectively filter it).