It is mostly meaningless and tautological claim: even every non-buggy feature of a software system has the potential to be used maliciously; a working system itself too.

Yes, maliciously used features should sometimes drive change (eg. in how to reduce or reduce impact of social engineering attacks), but as a claim it has no value.