Bluetooth is blacklisted to reduce attack surface. Bluetooth also has a history of security concerns. https://en.wikipedia.org/wiki/Bluetooth#History_of_security_concerns
This is a very sharp decision. Many users use bluetooth for different purposes, like bluetooth speakers, mouses, keyboards, and other pieces of hardware.
Although bluetooth had many critical flaws, their core recommendations always admonish how to resist. Like the KNOB vulnerability which had a place on all bluetooth chips 1.0 to 5.1, core specs now say “enforce a minimum encryption key length of 7 octets for BR/EDR connections”.
It’s better to accurately follow the recommendations and not to cut the technology.
Was always wondering if we’d need two more packages.
security-misc-vm (where blocking bluetooth makes sense) and
security-paranoid (more experimental, more likely breaking things, probably non-default, optionally installed package).