What? Yes, Security updates for eol devices is clearly better than doing nothing. Apple’s externally facing vulnerability management program has a bunch of issues but I don’t see how that is relevant
Better for whom? It’s EOL. Are they just plugging high-visibility issues? That’s not doing anything for individual device’s security. They need a giant INSECURE sign instead of giving that false hope for people: “they might patch me past EOL if it’s bad enough”.
Better for the users and for Apple. "less bad" is another way to put it, but it's the same result. I don't see what you're not getting: one security fix is good, even if there's 3 other huge security gaps. Makes the overall situation less bad (or "better"). You can debate about the magnitude of the improvement, but I really don't see how it can be argued there is no improvement...