You personally might not need or rely on the WP REST API, but clearly Contact Form 7 does. And so does WordPress core. Especially future versions (think Gutenberg) will heavily rely on the REST API and won‘t work without it.
There might be plugins that disable the API, but that‘s at your own risk and certainly doesn‘t make your site suddenly secure. It might decrease the possible attack surface, sure, but at the cost of breaking all parts that rely on the API.
tl;dr: There‘s no point in disabling the WordPress REST API.