Sounds like you are defining a set of requirements, which could indeed become constraints as you have not defined your messaging architecture or data flows, or at least revealed it to us.
In my opinion, it is important to first understand how and how often you want to capture data, where the data is going to and what you want to do with it, then and only then can you decide on hardware architecture to facilitate.
The core imp hardware device, whether it’s imp003 (wifi only) or imp005 (wifi + Ethernet), is certainly one option that delivers on security and in facilitating the data flows to and from a cloud-based service. You can then relatively easily add modules around this core as well as securely link with other web services.
These days, however, there are more and more manufacturers offering integrated connectivity options and many offer dev boards with many of those sensors you required already built in. One issue to consider though, is that with some of these integrated hardware options (e.g. TI Simplelink, ESP32, Hologram, Pycom, Wysol, Particle, ARTIK, etc.) you are then left to build the base-level cloud architecture yourself. That can be somewhat problematic and time-consuming from a security point of view.