There are two ways of handling security vulnerabilities.

One is to try and find them before the “bad guys” do, then fix them. The other is to do nothing and just hope the “bad guys” don’t find them (or have already found them and are already exploiting them)