Well, ssh is a fairly complex daemon with quite a few features. For example, with OpenSSH you can authenticate with a preshared key and challenge response, with PAM integration, or with a regular Unix password. It also supports several types of encryption. All these things are useful but require more code.
Some people would argue that a very simple daemon with fewer features might be more secure because it has less attack area. For example, Colin Percival of Tarsnap created spiped, which essentially replaces 'ssh -L'. It only supports shared key authentication and AES-256 and consists of only about 4000 lines. He connects to ssh through a spiped tunnel.
It has just occurred to me that I went from an employer for whom 'the internet' was just a medium over which biz was transacted to one that, without 'the internet', would not exist at all.
https://www.tarsnap.com/spiped.html