An unmaintained device was always going to be a security problem; at least with open code and a way to install it there's a way to patch problems after the vendor stops providing fixes.
I'm on the same page, but was wondering if there would be any concern about liability on the part of the company that released the code (mandatorily, as suggested).