Any self-respecting malware writer will download and decompile the Powertools to find out what API calls are being used. Especially if they're calls to an undocumented API.
Having Powertools on your computer is thus not the security hole it might appear to be.
The fact they exist at all - well that's not really a security hole either. Their existence just more quickly dissolves any security-by-obscurity that might have existed. Someone would have found those calls another way.
One might suppose that they contain something special that's not in the stock OS, but then we're back to the malware writer's reverse engineering which would lead them to learn and implement their own versions of whatever it is that Powertools does.