Most security patches don't have nearly the security implications that this one does. A lot of the time it may be for functionality you don't use or for some really extreme threat model. This is a widely used component that can be broken using a very realistic threat model.