This is so far outside of reality that I can't believe I'm even commenting on it.
If you believe people don't use software that is unmaintained and hilariously out of date I genuinely don't know what world you live in or how to deliver the bad news to you.
Oh, I agree that today there's a general expectation that externalized security doesn't matter and someone will always come around to rescue you (and your unmaintained dependency) from disaster. I'm just saying: infinite free bugs is likely to disrupt that equilibrium.