Security updates would only be patches against coding errors and the like, but the architectural security until Vista was defective, and no amount of patches (without changing the OS so much it would have to be considered another one anyway) could fix that.
