Generally the larger the codebase the harder it is to secure. I am less worried about security vulnerabilities on small tightly focused apps than I am on gigantic monstrosities with hundreds of different attack surfaces.