My reply is: the software has no known bugs, therefore it has not been updated.
The Postfix security model is based on keeping software simple and stupid.
One bug in an SMTP server can open up the whole machine for intrusion.
Lack of documentation is becoming a problem for acceptance.
The challenge with Postfix, or with any piece of software, is to update software without introducing problems.
Like all software, Qmail can survive only when it keeps up with changing requirements.