Do VLANs really provide total isolation? Are there any attacks that still work for breaking out of a VLAN? Just like there is always a way to break out of a sandbox?
It depends on how the VLAN tagging is applied.
If the rule is that everything from a 2nd SSID has the VLAN applied, that's pretty secure.
If the rule is that things with a particular MAC address have the VLAN applied, that depends on the device not spoofing another MAC address.
And if your rule is that already tagged traffic is left as-is, then a device can tag its own traffic with another VLAN.