
No, this is a completely reasonable response.

Security by reducing attack surface is a standard and sensible response.

What you are asking for is that Apple (or any company) be able to produce absolutely 100% bug free code, no matter the complexity or requirements. This feature is an acknowledgement that what you're asking for is an unreasonable demand for any company.

So Apple has looked at the attack surface present by default, and then provided an option that trades off presumably low-use features in exchange for removing a large attack surface. That is a trade-off: for example, any modern phone would be vastly more secure if all it could do was make phone calls, and everything else - the browser, apps, etc. - were disabled. But that end of the spectrum results in an impractically restricted device; in reality there's a middle ground, but for high-profile targets the trade-off is closer to "just a phone" than it is for normal users.

An example is the RW^X region required to support JITting JS - the OS simply supporting such a memory region at all was a huge addition of attack surface to the platform. Prior to that, every single executable page was protected by code signing; afterwards there was a region that by definition the OS could not verify, and it has been used by every attack since then. But disabling that simply disables the JIT; the JS interpreter runs, so the impact is only that some web content runs slower, but the functionality itself is still there.

Similarly for messages: receiving JPEGs is super common, receiving OpenEXR or whatever probably isn't, so removing everything other than JPEG by default again removes attack surface without realistically impacting the usability of messages.
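The attachment gating the comment describes, written out as an added example (not code from the comment's author or from Apple): a messaging client sniffs the real format from the content's magic bytes, refuses anything whose declared MIME type disagrees with the sniffed one, and then checks the sniffed format against an allowlist. The "default" policy keeps the long tail of image parsers reachable; the "lockdown" policy keeps only JPEG, so the other decoders are never handed attacker-controlled bytes at all. Policy names, helper names and the sample files are assumptions constructed for this example.

```python
"""Attachment format allowlisting as attack-surface reduction.

Constructed example: the policy names, helpers and sample files below are
assumptions for illustration, not the behaviour of any real messaging client.
"""
from dataclasses import dataclass
from typing import Optional

# Magic-byte signatures (offset, bytes) for the formats this toy gate knows.
# The sniffer looks at content only; the declared MIME type is never trusted
# to pick a decoder.
SIGNATURES = {
    "jpeg": [(0, b"\xff\xd8\xff")],
    "png":  [(0, b"\x89PNG\r\n\x1a\n")],
    "gif":  [(0, b"GIF87a"), (0, b"GIF89a")],
    "tiff": [(0, b"II*\x00"), (0, b"MM\x00*")],
    "exr":  [(0, b"\x76\x2f\x31\x01")],   # OpenEXR
}

# Declared MIME type -> format name, so a mismatch with the sniffed format
# can be detected rather than silently trusted.
MIME_TO_FORMAT = {
    "image/jpeg": "jpeg", "image/jpg": "jpeg",
    "image/png": "png", "image/gif": "gif",
    "image/tiff": "tiff", "image/x-exr": "exr",
}

# Two policies: "default" leaves every known decoder reachable from a message;
# "lockdown" keeps only the format nearly everyone actually receives, so the
# PNG/GIF/TIFF/EXR parsers are unreachable by an unsolicited sender.
POLICIES = {
    "default":  {"jpeg", "png", "gif", "tiff", "exr"},
    "lockdown": {"jpeg"},
}


def sniff_format(data: bytes) -> Optional[str]:
    """Identify the format from content bytes alone; None if unrecognised."""
    for fmt, sigs in SIGNATURES.items():
        for offset, magic in sigs:
            if data[offset:offset + len(magic)] == magic:
                return fmt
    return None


@dataclass
class Decision:
    accepted: bool
    detected: Optional[str]
    reason: str


def gate_attachment(data: bytes, declared_mime: str, policy: str) -> Decision:
    """Decide whether an inbound attachment may reach a decoder at all.

    Order matters: the decision is made on the raw bytes before any image
    library sees them, so a rejected format's parser never runs.
    """
    allowed = POLICIES[policy]
    detected = sniff_format(data)
    if detected is None:
        return Decision(False, None, "unrecognised format")
    declared = MIME_TO_FORMAT.get(declared_mime.lower())
    if declared != detected:
        # A mismatch is itself a signal: the sender is trying to steer which
        # decoder runs, which is exactly the kind of thing the gate exists for.
        return Decision(False, detected,
                        "declared %s but content is %s" % (declared_mime, detected))
    if detected not in allowed:
        return Decision(False, detected, "%s not in %s allowlist" % (detected, policy))
    return Decision(True, detected, "ok")


# Constructed sample attachments: just enough header to be recognised.
SAMPLE_JPEG = b"\xff\xd8\xff\xe0" + b"\x00" * 16
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
SAMPLE_EXR = b"\x76\x2f\x31\x01\x02\x00\x00\x00" + b"\x00" * 16
SAMPLE_JUNK = b"\x00\x01\x02\x03"


def run_demo() -> dict:
    """Run the gate over the samples under both policies; returns reasons."""
    cases = {
        "jpeg/lockdown": gate_attachment(SAMPLE_JPEG, "image/jpeg", "lockdown"),
        "png/lockdown": gate_attachment(SAMPLE_PNG, "image/png", "lockdown"),
        "png/default": gate_attachment(SAMPLE_PNG, "image/png", "default"),
        "exr-as-jpeg/default": gate_attachment(SAMPLE_EXR, "image/jpeg", "default"),
        "exr/default": gate_attachment(SAMPLE_EXR, "image/x-exr", "default"),
        "exr/lockdown": gate_attachment(SAMPLE_EXR, "image/x-exr", "lockdown"),
        "junk/default": gate_attachment(SAMPLE_JUNK, "image/jpeg", "default"),
    }
    for name, decision in cases.items():
        print("%-20s accepted=%-5s detected=%-5s %s"
              % (name, decision.accepted, decision.detected, decision.reason))
    return cases


if __name__ == "__main__":
    run_demo()
```

The point the demo makes is that the allowlist check sits in front of decoder selection, so in lockdown an OpenEXR file is refused whether it arrives honestly labelled or disguised as a JPEG, and the EXR parser's bugs stop mattering for that user. The cost is exactly the one the comment describes: a PNG that the default policy would accept is also refused in lockdown.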
