The point is small software just does less; when you need to do more you either build large software or you put together a bunch of small software which is effectively, from a security standpoint, the same thing.
Small programs that don't do anything are secure but nobody cares.
And you've probably written software larger than Notepad; a very popular small Microsoft program.
In contrast to others, this is a comment that reflects truth.
The only points I would contest are 1. that "a bunch" is effectively the "same thing" as large software. A "bunch" can vary in number and quality. My userland is a single "multi-call" binary and quite small. The sum total of source code is not so large that I cannot manage it. It's keeping tabs on the kernel code that presents the challenge; and 2. that "nobody cares".
If "nobody" cared, then you would not be seeing a comment such as mine because there would be nobody to author it.
Moreover there would be no reasonably small kernel source that users like me could use. Some people care enough to maintain that kernel and to keep it relatively small.
Maybe that group of people is like the software: small. Suits me just fine.
Small programs that don't do anything are secure but nobody cares.
And you've probably written software larger than Notepad; a very popular small Microsoft program.