Slackware gets security updates backported to its package versions, like Debian. If you run Slackware Current, it’s actually just as active as Arch or Debian Sid. But for the software you install from outside of the repo, keeping it updated and secure is on you. I just use Flatpaks cause I’m a lazy Slacker.