But then why does it need to redownload everything to rescan an address?
Full nodes that need to rescan the entire chain to check the balance of a new address don't keep the entire UTXO set. Remember that you should keep only your own UTXOs if you're using Bitcoin for personal use. You need all the UTXOs only when you want to analyze the chain or use commands such as getrawtransaction.
I suspect that if you set txindex=1, you won't have to rescan and wait for so long, whether you're pruning or not.
But then if you don't have all the UTXOs you can't validate the transactions in new blocks either? (Unless they are related to an address in your wallet or spend a UTXO from a recent block.)
UTXOs are unspent transaction outputs; nodes (both full and full pruned) store these and update them with each block they receive.
The reason why they rescan the whole blockchain when you import a new key/address is so that they can show you the entire history involving your key. Technically they don't have to do that; it is just that Bitcoin Core is designed that way, and this way it won't cause any confusion.
Otherwise they can simply scan their UTXO database and only show you what "coins" you currently have and can spend instead of showing you what "coins" you may have had and already have spent.
a hacker can attack your node and slip in a UTXO.
If a hacker could gain access to your computer you have way more serious things to worry about than the hacker modifying your UTXO database!
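
The difference discussed above between a full-chain rescan and a lookup in the UTXO database, as an added example that is not part of the original thread and is not Bitcoin Core's code. The chain, txids and address labels are constructed toy data, and the function names are hypothetical.

```python
# Toy model (constructed data): a block is a list of transactions.
# A transaction spends earlier outputs (ins) and creates new ones (outs).
from collections import namedtuple

Tx = namedtuple("Tx", "txid ins outs")  # ins: [(txid, index)], outs: [(address, amount)]

# Constructed sample chain; txids and addresses are made-up labels.
CHAIN = [
    [Tx("t1", [], [("alice", 50)])],                         # block 0: coinbase to alice
    [Tx("t2", [("t1", 0)], [("bob", 30), ("alice", 20)])],   # block 1: alice pays bob, keeps change
    [Tx("t3", [("t2", 0)], [("carol", 30)])],                # block 2: bob pays carol
]

def build_utxo_set(chain):
    """State a validating node keeps: outpoint -> (address, amount), updated per block."""
    utxos = {}
    for block in chain:
        for tx in block:
            for outpoint in tx.ins:
                if outpoint not in utxos:  # unknown or already spent: block is invalid
                    raise ValueError(f"{tx.txid} spends missing output {outpoint}")
                del utxos[outpoint]
            for i, out in enumerate(tx.outs):
                utxos[(tx.txid, i)] = out
    return utxos

def scan_utxo_set(utxos, address):
    """UTXO-only lookup: what the address can spend now, with no history."""
    return sorted((op, amt) for op, (addr, amt) in utxos.items() if addr == address)

def rescan_chain(chain, address):
    """Full rescan: every receive (+) and spend (-) for the address; needs block data."""
    history, created = [], {}
    for height, block in enumerate(chain):
        for tx in block:
            for outpoint in tx.ins:
                addr, amt = created[outpoint]
                if addr == address:
                    history.append((height, tx.txid, -amt))
            for i, (addr, amt) in enumerate(tx.outs):
                created[(tx.txid, i)] = (addr, amt)
                if addr == address:
                    history.append((height, tx.txid, amt))
    return history

if __name__ == "__main__":
    utxos = build_utxo_set(CHAIN)
    print(scan_utxo_set(utxos, "bob"))   # nothing spendable now
    print(rescan_chain(CHAIN, "bob"))    # the chain still shows a receive and a spend
```

In Bitcoin Core the UTXO-only lookup corresponds to the `scantxoutset` RPC, which reports current unspent outputs without transaction history.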