"The Debian development team put it like this: So, given the wafer thin vectors of attack here, the extreme age of the images in question, and the fact that even at the time that they were fresh, they were images that shouldn't be used in production anyhow (Debian's "development" repositories), we've opted to leave them in place.

Binarly kind of agrees ... "