As a general principle, having fewer links in the chain means fewer links that can be weak. Fewer exposure points makes the "attack surface" smaller, and allows developers to concentrate more attention on securing the remaining areas.
Complex code and systems increases the likelihood of introducing bugs or making security mistakes. Simpler systems require less expertise to understand, review, and maintain.
Write code comments
Break up long sections of code into small functions
Use clearly named functions and variables
Turn off features you do not need
Have fewer dependencies on other code and libraries
Don't repeat yourself
Built-in functions are better than custom functions
