My reply is: the software has no known bugs, therefore it has not been updated.
One bug in an SMTP server can open up the whole machine for intrusion.