Stick with Go 1.7 means no security update. This give an open highway for hackers to perform large ddos attack etc.
Go is amazing. In few lines you have an SSL/HTTP server ready for production. But this is only possible if you are able to deploy security updates.
In the past they backported imported security fixes (e.g. a fix in 1.7.4 was also in 1.6.4).
I'd first wait and see if there are security fixes that are not available for 1.7 and affect packages you use. It could very well be that this is not going to be the case for a long while.
As noted in the above comment, this isn't necessarily the case.
You might consider writing on the golang mailing list, explicitly asking them to backport security fixes to 1.7 in the future. I think this is a reasonable request, and one that is likely to be implemented if it garners even slight interest.