Keep an eye on the PoE Unifi items; they are not standardized. At least when I built my system, they used 24 and 48V PoE, which caused the use of dongles for parts, even though I have a PoE switch.
Just for clarification, you ran into the classic Passive PoE vs Active PoE (802.3af/at/bt). Passive PoE is usually only 24V (there are a few 48V examples) and the ports are not autosensing, and you have to manually turn the PoE function on or off. Active PoE (802.3af/at/bt) is autosensing, uses a voltage range between 48 and 57V, and will turn on the power if it senses that the device it is connecting to requests the power.
There is also PoE+ (802.3at) and PoE++ (802.3bt) now in the mix as well. Mostly these just allow for higher power draw per port than the previous standards, but the voltage range they support also changes between them, and thus they are typically not interchangeable. This is why I hate companies not using the actual standards in their documentation/marketing materials.
As for the thread's original purpose, the main reason they believe they are vulnerable is because they are so quickly abandoned with no firmware updates, leaving them open to attacks when a vulnerability is found in some of the underlying software that is in use on them. Running a third-party firmware and keeping it updated will help mitigate that. There is the slim chance that there is some kind of backdoor built into the hardware as well, but I have not seen any announcements of those being found. The backdoor could be software- or hardware-based, so if it is software, again, running a third-party firmware like DD-WRT or OpenWRT would remove that threat. Hardware-based backdoors are a little tougher to resolve...