When dealing with software, even unused, one still needs to be aware of alternative attack vectors.
This might be a poor example but lets put it out there anyway.
We all know Java runtimes are not allways that secure.
We allso know Java versions can be installed alongside.
Or when uninstalled poorly stay behind op a PC.
Somewhere along the line certain persons were clever enough to have their code look for outdated versions “left” on PC’s and still be able to use those older versions when done proper.
Also just making a piont.