I tend to agree, but if the Pale Moon developers agreed they would have shut the project down long ago. The legacy APIs they're clinging to are loaded with security risks -- that's part of why Mozilla ditched them in the first place. And there's not much evidence that Pale Moon et al. are doing anything substantial to remove or mitigate them.