Wasn’t the reason why it’s suggested to use Change addresses so if there is some bug in the hashing of the public key, your chances are higher of not being targeted.

Basically when you spend an output you show your pub key, if you never send your outputs then your public key is a secret. Since the public key is known there is slightly less security. Hence why it’s smart to use change addresses.

Is this correct?