Yes, you are right that embedding this library presents a security risk, in particular when the package plus its embedded library gets older and new security issues are found in mbedtls. The segmentation fault now caused by mbedtls was the reason this code was embedded, it didn't have a segmentation fault then. Upstream is looking into this how to solve this.
- Bug#890289: bibledit: embeds mbedtls - vulnerable to CVE-201... James Cowgill
- Bug#890289: libmbedtls Teus Benschop