the complexity of clients makes it more likely however

the point of isolating it in a simple, single purpose thing is to reduce the chances of there being a vulnerability

it's a point lost on many programmers these days, the reason why the Unix philosophy talks about small, single purpose, modular applications. Security is a big part of why, but a small part of the broader problem of bugs, which also cause other inconveniences