The problem is that PDFs are a superset of Postscript which is a programming language. Your PDF is a program. And that comes with all the associated problems with downloading untrusted software.
You have that exactly backwards. PostScript is indeed a full programming language (and yes, there were demos of PostScript applications running on laser printers, using the printed page for output). But as originally conceived, PDF is a
subset of PostScript that cannot execute code -- the PDF file contains only the declarative PDF graphics commands, embedded fonts and graphics, and in later versions, the bolted-on interactivity.
Long after inventing PDF, Adobe added JavaScript to it to give it interactive capabilities like forms.
Most PDF vulnerabilities are either: JavaScript that is set to execute on launch; "normal" exploits of a rendering engine (buffer overflows, etc); or trivial JavaScript vulnerabilities like "bad" email addresses and links.
In a nutshell, a PDF
can contain executable JavaScript. But the graphics commands themselves are purely declarative graphics drawing commands. A non-interactive (and non-infected) PDF contains no executable code.