[un1xl0ser]

The main reason to know vi inside and out as a Unix administrator has to do with it being the lowest common denominator on Unix and Linux systems.

As a *nix tech I could get a call to work on a QNX system, HP-UX system, SGI Altix supercomputer or a Sun Ultra 2. Linux systems were easy, as they had the package management support for FL/OSS, and would commonly come with Emacs in the base-pack (before nano was mainstream). Sometimes you would have a terminal issue and have a single line to work with, in which case you would need to operate vi without seeing what you are doing (or use sed/awk). So maybe it is those instincts to KISS and force everyone to learn vi, like they had to (I had to).

Certainly it provides no significant surface area of attack to have an editor, but I wouldn't put it past a threat actor to leverage plugin functionality as a persistence mechanism. I presume that these applications operate differently as root, but maybe not as service (daemon) accounts. It's not very well hidden, but there are all grades of threat actors.