There are still data output corruption bugs in some “Not found” search pages. While there does appear to be some degree of filtering by heuristics, that cover a wide range of possible exploit vectors, it is generally unwise to delay fixing the underlying bug.