Complexity can be thought of as a type of code smell: It doesn’t
necessarily imply that there is a problem, but the presence of
complexity is very strongly correlated with the presence of
security vulnerabilities. In the design and construction of secure
systems, it is important to not only consider mistakes which are
guaranteed to cause problems, but to also consider factors which
make it more likely that problems will arise — or, put another
way, factors which make it harder to get things right.