Afaik simcards run a simplified version of Java that has full hardware access and can be updated remotely. I don't see how it can possibly get any worse than that.
I'm no expert in the matter however this is what I understand from it.
Chips like the one in your debit card are fully fledged computers and do run software. When you plug it into something it receives power and interfaces with the other system. That's why it is secure, because like a pc it can use encryption etc.
Come to think of it, they must also be able to run with the low power provided by near field transmission, aka contactless payment.
Anyhoots the same kinda chip is on a simcard.
As far as I understand it they run a more limited version of Java, has full access to your hardware including being able to read all memory, and being updatable remotely.
You might also be interested to know that modern hardware commonly has such secondary computers with full access built in. Take the intel management engine for example, which is part of every modern intel cpu. However there are privacy oriented companies that disable these.
The real question is who has access to these things and what are their interests. It might not necessarily be a malevolent actor. It's one of the challenges of our time to answer questions related to these topics.
Nope, they are computers that run a Java-based OS.
If we want to talk about smartcards in general (contactless, chip-based, dongle-based) some of them only store/retrieve data, some only store a single unchangeble identifier, but others like banking cards & transit cards tend to run a small operating system that you can talk to, and even run applications on.
With a cheap USB card reader, you can actually interact with the operating system on a chip-based bank card using Linux