Just to note, this is not at all a unique situation.
For example, if you use Java, Oracle will give you free security updates, but the older versions are EOLed after a time and stop receiving these. Java 6 EOL is currently set at November 2012, which follows the Java 7 developer release in July/November 2011 and the end-user release... er... two weeks ago.
If you want, you can pay through the nose to Oracle and get security updates to older Java versions - even really ancient ones. I'm sure some Moodle partners will offer this service for Moodle.
At the OU we sometimes manually apply some of the serious security updates to avoid having to take Moodle point updates (2.1.1 -> 2.1.2 say) when we aren't ready for them. Obviously doing this costs us time/money but it doesn't seem unreasonable on Moodle's part to me - most people will just apply the point updates, we want something special, we have to pay for it. Similarly if we want to sit on a major version for eighteen months before updating, we'd have to pay (again, either in time or money) to backport security fixes. Also not unreasonable.
With regard to the relatively frequent updates, rather than the EOL policy I think we'd have a bigger concern here about API changes (because of all our custom plugins) and large-system performance issues.
--sam