This is another proof that systemd is an anti-pattern for security: with its crawling and ever extending web of dependencies, it extends the surface of vulnerability to orders of magnitude, and once embraced not even large distro communities can defend you from that.