For starters, I would use Sinatra where you use Rack.
It takes care of a lot of unknowns for a lot of people. For instance, it makes sure you do proper redirects. Did you know that IE9 implements 302 like 307 but only for redirects from Ajax? But you can't simply use 303 as some HTTP clients don't properly implement it? Rack does not care about such things.
It also comes with built-in security, which Rack does not.
If you are comfortable with Rails and it suits your needs (that is, a monolithic model-driven application), stick with it; there is nothing wrong with Rails.
The light part means: it doesn't drag a huge framework and code and complexity you don't need with it. It uses fewer resources than it would if it were doing that.
I would actually say that Travis CI is a Rails app; Rails is just not taking care of HTTP, but we use large parts of the Rails stack in many of our applications (Travis CI is a fully distributed app).
Our API app used to be a Rails application, but we ended up writing our own object serializers etc., so that the controllers were actually more or less just calling out to one method.
When we reworked our API, authentication, etc., we switched over to Sinatra.
The upgrade process is pretty smooth; the latest Sinatra release still runs all the first example apps published in 2007.
Also, the Sinatra code base is pretty small, so just because it's no longer officially maintained doesn't mean you can't run Sinatra 1.2.0. All security issues we have seen so far have been in Sinatra dependencies (namely Rack) and never in Sinatra itself.
If you are stuck on an unmaintained Ruby version, that's a way bigger issue than being stuck on an unmaintained Sinatra version. You should not run Ruby 1.8.6 in production for security reasons.
Many projects out there follow the two maintained feature versions approach, like Rails. How many versions of Sinatra should see regular releases? What about 1.1.x? Or 0.9.x?
It has also been announced with the 1.3.0 release that 1.2.x will be continued until the 1.4.0 release.
Being stuck on 1.2.x is pretty bad, as it still ships without rack-protection.
Simply run with -o 0.0.0.0. I think the number of people running without a firewall or having an annoying firewall warning every time they start a Sinatra process is larger than the number of people developing on a VM. Also note that this has no effect if you use some different way to run your Sinatra app, like rackup.