Can you be more specific about the extra attack surface to which you're referring? What vantage point does an attacker need to have to target that attack surface?
Well most data is going through more layers of code. And as a rough approximation the more code running the more vulnerabilities. I guess this "internal" code isn't as critical of a surface because you have to get through the applications but there is certainly still risk.
I'm still not sure I follow. Can you outline a hypothetical in which there is a practical risk, so I know what you're talking about? Obviously, neither of us have all the technical details, so just propose something.
I didn't have any attack in particular, but an example could be sending a long buffer to the kernel that causes an integer overflow and overwrites some important memory. Especially with the non-verified external RAM it seems like you could throw some weird stuff at the kernel.