from @unman post: Why Use Minimal Templates?
It doesn’t matter if an application is started, or used.
Most packages bring in libraries and associated packages, any one of
which might provide a foothold for an attacker. That’s how the attack
surface increases, not just by bugs in running applications.
Eventually, everything has vulnerabilities.
It’s a matter of tradeoffs. After all, you can go out of your house, fall and die, but it doesn’t mean you’re going to sit at your home now, right?