ICMP can be used to affect routing on insecurely configured hosts. That might be an exploit vector? Circa 1995-97 there was the ping of death....but that was 20 years ago.
Most of these security best practices are like building code. They get written down and are never updated. For example, showers need a 2" drain pipe but tubs only need 1.5". The theory was that a backed up drain would flood a bathroom with a lower shower rim very quickly. It would take much longer with a tub (higher side wall). No one ever bothered to update the regulations once we stopped allowing 5 gpm showerheads. There's no reason put into it. Just "nope it says 2" required b/c we've always required 2"." "Why?" "Because that's how it is."
Most of these security best practices are like building code. They get written down and are never updated. For example, showers need a 2" drain pipe but tubs only need 1.5". The theory was that a backed up drain would flood a bathroom with a lower shower rim very quickly. It would take much longer with a tub (higher side wall). No one ever bothered to update the regulations once we stopped allowing 5 gpm showerheads. There's no reason put into it. Just "nope it says 2" required b/c we've always required 2"." "Why?" "Because that's how it is."
Same way with computer security.