Manually configuring the eduroam network very often means omitting essential information for the security of the connection, such as the authentication server’s certificate or the name of the same server and the CA certificate.
This way, while working ok, the connection exposes your credentials to anyone configuring a hotspot that broadcasts a network with the same name eduroam, even walking on the street, i.e. using the smartphone.
In a very simple way it is therefore possible that your credentials are stolen in order to conduct malicious activity on your behalf on e-mail, your reservations, your connection or anything else being accessible with those credentials.