And the more layers of cruft you have, the harder it is to understand what is actually needed and what is either optional or just plain pointless. Lots of lazy programmers drag in the kitchen sink just to be sure. It's less work than figuring out what is exactly needed, and using that and no more. The C/C++ linker punishes such behavior severely, and thus it's far less common in those languages.

The chance that one single library is bad is quite low. However, once a solution drags in loads of cruft, this chance rises considerably.
The harder your dependency tree is to understand, the less likely it is someone will spend the time needed to identify any potential problems in it, and therefore the easier it is to sneak in nefarious code.