No, they bought a device that was secure, or least supposed to be. They didn't do anything to change that. If a flaw is discovered now that existed back then it should be addressed to recover to that state again.

Let's be honest: Apple is making money selling new hardware, so they have no incentive to provide support over a long period of time that does not generate new revenue. Nothing more, nothing less.

Exactly. I stated above that it is a user's fault for not keeping up to date and making poor technology choices.

There's no upgrade path on older computers (if you don't want to install Linux).

Yes there is. Buy a new computer. That is how Apple works. If a user had a problem with that, they should not have purchased an Apple product.

Users are responsible for their own (possibly poor/uninformed) choices.

... because they bought Apple :-)

How so? By not buying new PCs?