You may google about mechanics, but basically, it is just a mechanism to ‘reexec’ your kernel to something different, usually another kernel, but you can boot netboot.xyz, for example.
But now imagine that it will boot a kernel that will dump the output of all your traffic, or will dump all your keyboard keypresses (keylogger).
These are unlikely scenarios. But I prefer to disable this feature since I don’t use it anyway.
Also, about keyloggers. Any program inside your X session may grab all your keyboard events. Literally last week I wrote a keylogger in rust in 70 lines of code. Therefore, use Wayland.
According to the update, you need to set bpf_jit_harden=2 and unprivileged_bpf_disabled=1. (Even unprivileged ebpf may crash your kernel. For some unknown reason, this is not recognized as a problem.)