Disagree. It's hard to screw up a text editor so much that you have buffer overflows 10 years after it's released, so it's probably safe. It's not impossible, but based on a quick search (though incomplete because google is filled with articles describing this incident) it doesn't look like there were any vulnerabilities that could be exploited by arbitrary input files. The most was some dubious vulnerability around being able to plant plugins.
I was trying - poorly it seems - to make a more general point regarding exposure to the internet and across "whatever other program" too. Something like 7-zip, VLC, syncthing, whatever other open source tools you may like, and how you use it exposing you to possibility of attack.
IE you are interacting with "the wild west of the internet" then the balance of update/not-update shifts more towards update. But if not, then the balance shifts to not-update.
But you are correct that either way it depends on the program in particular.