First, there's no chance about it because you can't do anything with it once it's a normal executable. There's no "hoping" about it - remove special permissions and audit the whole FS and it can't be used for an attack (any more than any other binary on a minimal system could be). That being said, you do it to improve the efficiency of the system for the users and reduce time to troubleshoot issues.