An IP address allows for a targeted DDoS. Streamers used to get DDoS’ed by getting their IP address through Skype. A $5 DDoS can take down a streamer you don’t like for hours or days.

P2P is not inherently privacy friendly. In fact, it’s inherently less so. That’s why projects like veilid and Tor used multiple routing layers to provide privacy. Various IP geolocation services I’ve tried in the past have been able to get the lookup location right down to street level for some ISPs.

Maybe your ISP doesn’t publish geolocation info, but that’s not some kind of universal fact. Furthermore, various tracking libraries also sell IP geolocation data (like the shit they shove into ad supported weather apps). They get a rough geolocation from your phone through either the most recent picture you took or the location permissions the containing app already has, and submit that to their server, allowing them to geolocate you even bevind a VPN.

There’s nothing an unmotivated attacker can do with your IP address to break into your device’s, but basic bullies can make your life pretty shit.