That seems deliberately misleading. They may not have “provided” security updates, but they did “distribute” them when they were provided by community package maintainers.
The way I interpret that paragraph is that now with an additional revenue stream (Pro/ESM) they can develop security patches and only subscribers will get them. I think their attempt to get the conversation started (putting ambiguous sentences inside of apt) has back fired however.
Without a more granular solution in apt, this seems to require Ubuntu to halt the practice of allowing maintainers to provide their own updates for those packages. In other words, they seem to be taking away the community maintainers ability to provide updates for those packages. I am not sure how they can claim nothing is being lost here.