The more interesting thing is why the default state has to be made vulnerable in the first place instead of just making lockdown the default method of using an Apple device.
The even more interesting thing is that all functionality increases the attack surface and therefore makes all devices more vulnerable. The most secure state is not to have the device at all or, failing that, to have it permanently turned off. This is true of every device, not just Apple.
The reason people possess devices is to use functionality and therefore they have to make some tradeoffs in terms of security. The default state is what Apple currently thinks is the best tradeoff in terms of risk vs functionality for most people. For people with an extremely unusual threat profile it stands to reason a different tradeoff might be appropriate.
That said, they do give a lot of granular control to the user to turn off individual functions if the user feels differently and wants to change their stance, e.g. iMessage can be disabled with a switch in Settings.
In Safari, yes, losing the JavaScript JIT is hefty but I’d somewhat cynically argue that it’s probably balanced out performance-wise if you install an ad blocker.