Thumbnail preview is a _massive_ attack surface. All those RCEs in JPEGs, MP4s, PDFs etc are now potentially immediately executed upon displaying the file. No thanks.
So turn it off if it worries you. Keep in mind thumbnail rendering is sandboxed[0]. It's Linux, the reason I like it is that it doesn't try to prevent you from doing whatever you want.
What do you do between opening the file manager and opening the image/video itself that verifies it doesn’t have any RCE exploits that other people aren’t doing?
See, the nice thing about Linux is that you can always disable what you don't like. You're never just helplessly subject to the whims of the developers.