OK, but at some point your ratio of delta reliability / delta redundancy starts to diminish or possibly work the other way.  To many systems can cause confusion in threatening situations.    The redundant systems can sometimes cause failures on their own that could be worse than the risk of not having the redundancy.   I'd say 2-3 levels should be enough otherwise you're can't possibly draw them for consumption on this list (grin).  I always like to refer to the infamous Cessna MEB that installed a failsafe switch to turn on hi boost if one of the two engine fuel pumps failed.   So many of those failsafe switches activated in error that some planes were lost when the mixtures went full rich and killed one engine.  Eventually, it was understood that the pilot can deal with the loss of pressure more reliably than confusing him with an abstract failure and those switches were removed by AD.