Pretty much nobody disagrees that less code means more secure. Amount of code essentially always correlates exactly with number of bugs. I have seen security programmers measure their skill in number of bugs per thousand lines of code. If you average ten bugs per thousand lines of code, removing a thousand lines of code removes ten bugs. If you remove a thousand lines of code, it means people auditing your software can spend more time looking for bugs in the remaining code. So removing lines of code directly removes bugs, and also makes it more likely that bugs will be found and fixed in other parts of the program.