It appears like it's supposed to have been employed for actual servers, and that i see pointless the reason why you should not. It is simply apache, mysql, plus some other things anyway. If you are worried about while using bundle, just install the various tools yourself, from packages or source.
With packages such as this, the default is frequently "everything on" to permit individuals with little experience to visit download it and obtain wordpress,silverstripe etc ready to go as quickly as they are able to.
For production servers, the suggested approach to take about things is the opposite way round, just enabling what you ned to complete the job and turning from the relaxation. If you have 35 apache modules and 26 php modules running then that's procuring code to slow your server lower and expose more weaknesses. More software running means more patching, more watching for holes and often less when it comes to performance.
Think about these packages like ampps and mamp as play grounds for programmers. You can deploy them on the production server and they'd probably be fine but stable systems and secure systems need a more vigilant method of creating a production web server.
Once you have built the application, if you're able to discover what exactly are its minimum needs are when it comes to apache php etc after which install precisely what it requires, you will probably find it more workable over time.
It's convenience versus security as always!