 Not necessarily...there's nothing that ensures remote signers and extensions don't have similar issues... 
 the complexity of clients makes it more likely however

the point of isolating it in a simple, single purpose thing is to reduce the chances of there being a vulnerability

it's a point lost on many programmers these days, the reason why the Unix philosophy talks about small, single purpose, modular applications. Security is a big part of why, but a small part of the broader problem of bugs, which also cause other inconveniences 
 Agree...(in theory). 

How many times do devs pull from a library of "trusted" code, only to find at some point in the future that "oops, we found a bug in library x"...

Often it's no one's fault--but it happens. 

So modular applications / libraries come with potentially even a greater risk... 😃