IIRC the installer .exe used to contain some bundleware, but not the java code itself. I guess it is safer to avoid .exe and use .jar directly like it is done on non-Windows anyway. Or use yt-dlp with Python.
This was already discussed at length
here.
Make sure you won't get hacked like
Don_Solaris back in 2011
