I don't expect an overnight change of all desktops to what the US Military used to call B3 level security. And even that would not stop users from shooting themselves into the foot.
Coming back to the topic of computer security, the TCP Wrapper is an example of such a safety net. I wrote it when my systems were under attack by someone who appeared to walk through walls.
My reply is: the software has no known bugs, therefore it has not been updated.
In a previous life I wrote the software that controlled my physics experiments. That software had to deal with all kinds of possible failures in equipment. That is probably where I learned to rely on multiple safety nets inside and around my systems.
One bug in an SMTP server can open up the whole machine for intrusion.
I want to avoid locking people into solutions that work only with Postfix. People should have a choice in what software they want to use with Postfix, be it anti-virus or otherwise.