Everything is a risk, the only way to really secure your computer is to turn it off, unplug it, wrap it in a faraday cage, and then start working on physical security. Since such a machine provides very little value to people, everything is a matter of what level of risk you are willing to take.
running a 'allyes' kernel publicly exposed to attackers (i.e. on the Internet) is a very bad ideal. You want your Internet exposed devices to have as small of an attack surface as possible, and this means disabling features that you don't need. The distro kernels tend to marginal in this area, they enable just about everything, but do so as a module. so it's not always loaded, but some action can cause the kernel to think it's needed and then the module will be auto-loaded.
you need to understand the risks, and then evaluate the risks, not just think "risk == BAD"
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds