The GSMA embedded UICC is to be standardized soon. A country Universal Discovery server will manage the different carriers offers and from there the profiles will get delivered onto the eUICC.
For more infos see here
What to expect related to crypto breaking? The historic A5/3 cipher with 64bit keylength is to short and breakeable by < $ 1M.
There is a certain risk that suspects hack into eUICC and load profiles we cannot decrypt. If they cascade their own temporary mobile network with empty 'carrier identifier' and after feed e.g. over Small Cell (Wifi offloading) into MNOs nets we get a problem. How to IMSI-catch 'non-visible' suspects MNO nets just temporarily available?
What SWOT see you in the eUICC coming up?
Who did testing desoldering of eUICC e.g. from Giesecke & Devrient (DE) or Gemalto?