
> In the real world, people need compatibility more than they need whatever cleanup you're able to do by breaking compatibility.

Time and time again, rolling software has proven to be more secure than static releases. A plugin from five years ago that hasn't been maintained in that time is probably going to hurt you a lot.



Rolling software is better achieved with better backwards compatibility than it is with constantly breaking API changes.

When you have constantly breaking API changes and someone has an essential plugin that's unmaintained, they're a lot more likely to stay with your old, buggy, insecure base package rather than finding someone who knows how to update their plugin (remember, most users aren't programmers, and most have installed plugins for a reason).

What you do is try to minimize the API surface that plugins have so it's easy to maintain backwards compatibility, and minimize the impact that older plugins can have by keeping them reasonably well isolated.
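One way the two principles in the comment above (a deliberately small plugin API, plus isolating what an old plugin can do to the host) look in code. This is an added example, not code from the thread or from any real plugin system: the host, the `api_version` field, the `transform`/`run` hook names and the sample plugins are all hypothetical and constructed for illustration.

```python
"""Minimal plugin host: one tiny stable interface, explicit API versioning,
a shim for plugins written against the previous version, and per-plugin
fault containment so a broken plugin cannot take the host down.
Added example; all names here are hypothetical, not from any real project."""
from __future__ import annotations

from dataclasses import dataclass
from typing import Protocol

HOST_API_VERSION = 2  # hypothetical: the only interface plugins may touch


class PluginV2(Protocol):
    """The whole plugin surface: a name, a version, and one pure hook."""
    api_version: int
    name: str

    def transform(self, text: str) -> str: ...


@dataclass
class PluginResult:
    name: str
    ok: bool
    output: str
    error: str = ""


class LegacyAdapter:
    """Presents a hypothetical v1 plugin (single 'run(text)' function) as v2,
    so an unmaintained plugin keeps working without touching its code."""
    api_version = HOST_API_VERSION

    def __init__(self, name: str, run):
        self.name = name
        self._run = run

    def transform(self, text: str) -> str:
        return self._run(text)


def adapt(plugin) -> PluginV2 | None:
    """Return a v2-compatible view of the plugin, or None to refuse it."""
    version = getattr(plugin, "api_version", None)
    if version == HOST_API_VERSION:
        return plugin
    if version == 1 and callable(getattr(plugin, "run", None)):
        return LegacyAdapter(getattr(plugin, "name", type(plugin).__name__), plugin.run)
    return None  # unknown or too-old API: refuse to load rather than guess


class Host:
    def __init__(self):
        self.plugins: list[PluginV2] = []
        self.rejected: list[str] = []

    def load(self, plugin) -> None:
        adapted = adapt(plugin)
        if adapted is None:
            self.rejected.append(getattr(plugin, "name", type(plugin).__name__))
        else:
            self.plugins.append(adapted)

    def run_all(self, text: str) -> tuple[str, list[PluginResult]]:
        """Pipe text through every plugin; a failing plugin is skipped, not fatal,
        and only a str result is allowed back into the pipeline."""
        results: list[PluginResult] = []
        for p in self.plugins:
            try:
                out = p.transform(text)
                if not isinstance(out, str):
                    raise TypeError(f"plugin returned {type(out).__name__}, not str")
                results.append(PluginResult(p.name, True, out))
                text = out
            except Exception as exc:  # contain the plugin's failure
                results.append(PluginResult(p.name, False, text, f"{type(exc).__name__}: {exc}"))
        return text, results


# Constructed sample plugins (not real software):
class UpperPlugin:              # current-API plugin
    api_version = 2
    name = "upper"

    def transform(self, text: str) -> str:
        return text.upper()


class LegacyTrim:               # an "old but reliable" plugin written against API v1
    api_version = 1
    name = "trim"

    def run(self, text: str) -> str:
        return text.strip()


class BrokenPlugin:             # misbehaving plugin; must not crash the host
    api_version = 2
    name = "broken"

    def transform(self, text: str) -> str:
        raise RuntimeError("boom")


class AncientPlugin:            # API too old to adapt safely; refused at load time
    api_version = 0
    name = "ancient"

    def transform(self, text: str) -> str:
        return text


def demo() -> tuple[str, list[PluginResult], list[str]]:
    host = Host()
    for p in (LegacyTrim(), UpperPlugin(), BrokenPlugin(), AncientPlugin()):
        host.load(p)
    final, results = host.run_all("  hello  ")
    return final, results, host.rejected


if __name__ == "__main__":
    final, results, rejected = demo()
    print(final, [(r.name, r.ok, r.error) for r in results], rejected)
```

The point of the shape: the narrower the surface (`transform` alone), the cheaper it is to keep a shim like `LegacyAdapter` working for years, and the less a five-year-old plugin can reach in the host when it does misbehave.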


You say this, but I can't remember the last time an old unmaintained but reliable plugin has burned me. Likewise with old extensions and libraries.


I'm not much of a wordpress user, so alas can't provide good wordpress examples, but this is really a software in general thing. Run a Linux box? How many times have you upgraded OpenSSL in the last five years?

Hopefully a lot.


> A plugin from five years ago that hasn't been maintained in that time is probably going to hurt you a lot.

Unless it just does some simple or basic thing. In which case, you're still hurt. But in a different way....



