The more programs a system is running, the more programs a cracker can attack. If they can't get in via a webserver, maybe they can break in through ftp, or DNS, or even ssh. And, once an attacker has broken in via one service, it can be a very short step to root access, and full control over all services on the box.
In general, if you don't absolutely need a particular service to run, don't run it. Many distributions install a lot of programs and services you just don't need and would be better off disabling.