Bigger companies either have policies or have policies derived from regulatory demands on the software they are using for their products and services. Defects must be fixed within a certain timeframe. Software suppliers and external code must be vetted. Having such a widely used library explicitly not maintained should, in theory, make it a no-go area, forcing either removal or ongoing explicit security audits - it may well be cheaper for any of them to take over the full maintenance load. Will be interesting to watch.
Also, the not-so-relevant security bugs are not just costs to the developers; the library churn is also costing more and more users, if the user is forced by policy to follow the latest versions in a timely manner in the name of "security".