It would be nice if there was a way to select which risks are displayed on the Sites overview, or to weight those risks.

To me, one or multiple non-active plugins or themes seem a lot less risky than e.g. a plugin that has a known security risk, and they should not be the cause for an alarmingly red icon; I'd put deleting unused / deactivated plugins strictly under «best practice», not «active risk».