PDF has had a zillion vulnerabilities over the years. And Apple doesn’t guarantee in Safari that Preview.app is the default handler, so that expands the scope of potential vulnerabilities to Acrobat, which is notorious for its history of vulnerabilities.