From a security perspective, you want to add features only when they're seriously needed, not just because you can. Even if the new feature seems completely safe, there may be some potential way to compromise it you're not seeing, or some interaction it will have with other features that isn't obvious until the two are shipping together.
The smallest attack surface is no attack surface at all.
From a security perspective you should consider what users are already doing and if introducing a feature can be better security than that.
Users are already installing local applications from untrustworthy hardware vendors just to interact with bluetooth devices. I think a web bluetooth standard is an improvement on that.
Flip side-- just keep adding features until your userbase is large enough to justify a security team that a) assumes the API is a giant dumpster fire and b) redesigns the system so that it continues to work even when lots of things are burning.
The smallest attack surface is no attack surface at all.