This could indeed be the one size fits all, although I still think unused features should be removed entirely (maybe available as downloadable extra modules).
But features unused by you are not unused by everybody. It is far easier from both a development point of view and an end user point of view to simply hide the features you don't want to use than have to install multiple additional add-ons for the feature you do want to use.
Hiding isn't enough in my opinion, see above.
If your concern is the attack vector presented by additional features, then your risk model is probably all messed up.
If you are using Electrum as a hot wallet, then it is incredibly unlikely your coins will be stolen by some bug in how invoices are generated, but rather from something like clipboard malware or your wallet file being stolen.
If you are using Electrum as a cold wallet, then it is even more incredibly unlikely your coins will be stolen by some bug in how invoices are generated, but rather from your accidentally connecting your cold wallet to the internet or from a physical attack on your cold storage.