I won’t pretend to know how tightly integrated the keyboard is within the Android OS, but given the interoperability between app and keyboard it seems likely that vulnerabilities could be leveraged to gain malicious access to the clipboard and other sensitive data.
Not every project needs regular maintenance. I can imagine a keyboard to be a finished product, no updates necessary.
I won’t pretend to know how tightly integrated the keyboard is within the Android OS, but given the interoperability between app and keyboard it seems likely that vulnerabilities could be leveraged to gain malicious access to the clipboard and other sensitive data.