If there was a known security exploit, it would have been patched. Everything works, so nothing essential is missing. The way I see it, it’s yet another attempt to manipulate users into switching away from open standards.
Also, it’s a multi billion dollar company, can they really not afford to put a couple of devs to work on changing a few lines of code to fix whatever small incompatibility there may be?