After acquiring Macromedia in 2005, Adobe integrated Flash into several of its products, including Acrobat and Acrobat Reader. This allowed embedded Flash (SWF) content in PDFs, which contributed to increased installer size and complexity. Flash support was eventually removed in the early 2020s after Adobe officially ended support for Flash Player.

Adobe also embedded a JavaScript engine in Acrobat to support interactive PDF features like form validation and automation. Both Flash and JavaScript introduced significant security risks over the years.

While Flash is no longer supported, Acrobat Reader still includes JavaScript functionality, which remains a potential attack surface. In contrast, lightweight PDF readers such as Sumatra do not support JavaScript or Flash, offering a smaller and more secure footprint.

I always found the embedded javascript weird in an ironic sort of way.

There was postscript right, and postscript has a pretty great rendering engine. however the problem is that postscript is too powerful, as a Turing complete language it is hard to use the script results as a document. So adobe used the same rendering engine, tore out the Turing complete bits, added a bunch of structure and ended up with PDF. And the irony... they then proceeded to put the problematic Turing complete bits back in in the form of (spits in disgust) javascript. Hell, if they absolutely needed a scripting language embedded in their document(debatable) they should have put postscript back in.