The Adobe page I linked to says this as regards the ESR version:
We have created a branch of the Flash Player code that we keep up to date with all of the latest security updates, but none of the new features or bug fixes available in our current release branch
Which suggests that it's as secure (if that's saying much) as the standard version.
You have the option (via "Tools >> Add-ons >> Plugins") of setting it to "Ask to Activate" if you want. That should (I believe) reduce the chances of it being used for nefarious purposes. You can also disable it completely. After some testing it appears that with the "Ask" option enabled most sites will default to Flash (after you've approved), but with it disabled they play HTML5 instead.
You might try this and see what happens?
TFP