Only the dumbass fanboys on XDA talk about it like that anymore. The problem is that's the most vocal part of the Android community. For years that mentality was the only mentality. The problem is the IQ of XDA drops on a daily basis so they aren't looking at it like Google and the rest of us look at it now.
Any good Android news site or blog talks security updates all the time and crush some of the OEMs for lack of security updates. Sure major revision updates are nice but having Android 8 with Security patches from November doesn't mean much in the grand scheme.
The real issue is Joe Average doesn't give a fuck about updates. Joe Average doesn't give a shit whether they have Android or iOS. They really could not care less about what version of software they're on. The major OEMs know this so they don't care either.
And that apathy is a problem, because it feels like we're heading toward the mobile equivalent of Windows' Blaster worm -- that is, a malware threat that spreads far and wide because those responsible for OS security have been asleep at the wheel. If Google and vendors don't get better at providing both timely and long-term security updates, we could end up in a situation where most Android users are vulnerable to an attack, but only one percent will ever get a fix without replacing their devices.
It's not helped by Android vendors frequently reducing the quality of support based on the cost and performance of a device. Galaxy S9? Oh, we'll support you for two years, no problem. A budget Galaxy phone? Oh, sorry, just one major update for you (if you're lucky) and a handful of security updates.