Think of it this way, your unused address is like a buried treasure, when you use it and send back the change to the same address is like digging the treasure out taking some coins from it and burying it again, now if anyone passes through and sees the fresh soil, they could dig and find it, unless you bury it so deep that digging it out could take years and so much energy.
This is a misleading analogy. With current technology, no amount of time is sufficient to turn a public key in to a corresponding private key. It is perfectly safe to reveal your public key (and indeed, every used address has done exactly this), and it is not analogous to revealing the location of your treasure.
because each time transaction was made, it's possible that your public key was revealed and could be publicly seen by anyone in the blockchain.
It's not just possible - it's a necessity. You must reveal the public key as part of the signature. Without doing so, you cannot spend those coins.
That time, the address that you've used can be tracked and traced and it could be your wallet address is vulnerable to hacking or it could be at risk.
This is not accurate. The address you have used is revealed on the blockchain the instant you first receive coins to it. And revealing the public key does not put that address at risk of being hacked.
I don't understand why only a public key that starts with 04 is shown
Uncompressed public keys start with 04. Compressed public keys, which almost all software now uses, start with either 02 or 03.
Perhaps the issue is this: to send bitcoins from an address, you must reveal its private key.
You've made a typo here.