It's defense in depth. Removing a function like syscall(2) that's a "whatever syscall you want" function that is ostensibly white listed works very well when combined with CFI, and strengthens security of systems without hardware support for CFI.