Hey,
I just found this interesting article about an apparently significant eSIM mobile toolkit implementation weaknesses: https://security-explorations.com/esim-security.html -- primarily caused by the importance of the earlier (2019) disclosures downplayed by the vendor and Oracle.
While it covers mostly risks for mobile networks operators, it doesn't touch the "what is the risk of the compromised eSIM inside a phone" part:
If target eUICC chip runs vulnerable Java Card VM implementation, its security should be taken with cautious (vulnerable Java Card VM can lead to chip compromise and secrets extraction as illustrated by this research, backdooring of a target eUICC can't be excluded too).
In my understanding we're not vulnerable to that because of Titan, but it may be interesting to see the real world impact.
It also covers the risks MNOs expose their subscribers to due to the insufficient checks.
All in all, fascinating article.