Why aren't residential IP services a security risk?

Without defining your terms it's impossible to know exactly what you mean. That said, the MIRAI worm/botnet exploited loopholes in domestic/residential home router deployments, and there are many instances of large scale attacks grounded in the domestic internet deployment.

ISPs routinely have to regard their customer base as a potential threat to the core network. And of course, inside the home, it would be sensible to think about threat models from IoT against devices inside the protection ring, against other nodes in the home network.

So I kind of wonder: given we already routinely see attacks from 'residential IP' in what sense are they NOT seen as a security risk?

I am not allowed to cross my work firewall boundaries from a machine which is not itself protected against threats, even in my home. And I cannot attach random devices in my home to the work network: it's seen as a security risk.

So: what makes you think they are not seen as a security risk?

I suggest you flesh out your question.

"residential IP services" might mean someone running a web server, or someone's microwave accessible "from anywhere with our convenient app!"

"security risk" might mean to the resident, or to some entity trying to eliminate "dangerous home servers".

this is one of those false negatives...first you have to argue for a reason they should be...why arent zebra crossings blue and maroon?

Who says they aren’t? Also why would you assume they are. A lot of residential ranges might host small businesses.