I'm more worried about AV software. Code that also needs to be able to parse a large number of file formats, opens every file that enters your computer through one of many pathways, and generally runs at a high privilege level. A huge attack surface that's easy to reach and with far reaching consequences if it can be exploited. Add to this that it's in wide use, often even mandated by corporate IT and its recipe for disaster.