... along with all its bugs, that is? Guys, all software sucks. Always had, always will. Including the libraries. The rate of discovery falls as the damn thing gets less and less test exposure, but so does the rate of fixing them. Efficiency of attacker on systematic hunt for bugs does *not* diminish, though. Moreover, the less exposure does the library get, the less incentive one has to do clean fixes as opposed to minimal ones, so the codebase slides deeper and deeper into bitrot. Making further fixes more and more painful and more likely to introduce new bugs.
BTW, in case if it's non-obvious - I agree that userland approach to API stability is atrociously bad. And API design tends to be just as promiscuous and lousy.
It's just that your "solution" really isn't. Neither is bundling libraries with ISV code using those, for the same reasons.