Just because data can be rendered to DOM on the client doesn't mean it always should be.
I'll try to render HTML wherever the data is stored. Meaning, if the data lives in a hosted database I'll render on the server. If data is only stored on the client, I'll render there.
Its less about bundle size in my opinion and more about reduced complexity and data security.
That said, I've never been a fan of RSC and don't see it solving the "reduced complexity" goal.
There is no additional data security if you are sending a rendered version of it to client instead of raw version.
Data that will be rendered on the client generally should be sent to the client in my opinion because you can easily determine if bugs are a rendering problem or a data problem without sifting through server logs.
There absolutely is. I can fetch a full user record from the database and use it to render on the server, not ideal but still secure. Send the full user record to the client and that data is now more at risk.