Can you elaborate why you think that is the case? This is a well-established security practice. I don't see much upside to having code or binaries around that are not needed but can be potentially exploited. One of the first things I did when I used to manage servers was shutdown and remove any services not needed, disable all Apache modules not in use, etc.
A house on stilts makes it difficult to rob, but not for the man who walks on stilts. Security practices need to be implemented holistically or they are easily defeated. By themselves they aren't worth much and end up being unnecessarily cumbersome.
Removing outlying code that could be used as part of an attack can be useful for complex attacks. But they are essentially outliers - the actual code that you are actually running and is the actual target is still there, waiting to be pwnd. The time you spend trimming fat can often be better used to actually harden a system's access control or policies/procedures, perform auditing, etc.
