Yes, to some extent people should be worried about apps potentially containing exploits, but then again they should be more worried about 0-days than a known vulnerability.
> A zero-day (also known as 0-day) vulnerability is a computer-software vulnerability that is unknown to, or unaddressed by, those who should be interested in mitigating the vulnerability (including the vendor of the target software)[0]
Why should a publicly known unpatched vulnerability be a lesser concern than something that you don't know exists?
Why should a publicly known unpatched vulnerability be a lesser concern than something that you don't know exists?
[0]https://en.wikipedia.org/wiki/Zero-day_(computing)