
Disable Bluetooth by default
Closed, Invalid | Public

Description

Currently Bluetooth is enabled by default. While this increases usability, it also poses security risks. Here's a demonstration of an attacker taking over an Android device: https://youtu.be/Az-l90RCns8 (Blueborne Android Take Over Demo). There is a statement by Red Hat: https://access.redhat.com/security/cve/CVE-2017-1000251
Isn't it best to have Bluetooth disabled by default on any Solus edition?

Event Timeline

ikey added a subscriber: ikey.

In that case let's disable the display server too - because we've had loads of CVEs there. Or the kernel - had tons of CVEs there :P

Never mind what RH is saying - they make an awful lot of money from owning CVEs in Linux-land. Also remember we have SSP and ASLR enabled in our kernel so you couldn't pwn the machine through overflows and such in the kernel anyway.

I still think Bluetooth should be deactivated by default. You also don't let water run because you eventually take a shower at the end of the day. It's usually turned on when needed and should stay off when it isn't. Obviously display server and kernel are components which you cannot turn off if you want to use your system. Thanks for pointing to SSP and ASLR, wish this were documented somewhere in the help center under security though.

Your rationale makes no sense - in this case we should also block USB because of the potential. Gimping the out-of-the-box experience so stuff doesn't work because "that one time it had a CVE" - and making the system worse for the user pretty much goes against everything that makes Solus what it is.

Our systems aren't discoverable or paired by default - you have to actively set them to discoverable and pair devices.

I was actually just about to write about USB. There are users who prefer auto-mounting, others prefer to do this manually, and again others prefer the option to block all USB ports. Here's a thought: What about introducing a Budgie security/privacy widget with different modes to switch between? Such modes could range from a total lockdown of the computer to an essentially open system and the user could choose under which mode to run the system.

Or just turn off Bluetooth by clicking the icon in the tray - which is something you can already do. We're not a security distro like Kali, and we're not a privacy distro like Tails. We're Solus. Let's keep our eyes on the prize, please.