Regarding the apt "recommended" concept, it's a generic concept of optional functionality; it's orthogonal to security. If one wants to make a generic association with security, less recommended packages -> less functionality -> smaller attack surface.