I was considering this the other day in the context of the "safest" version of Firefox to run - deployed exploits often being adapted for a specific _build_, might the ESR version be the most economical version for attackers to target seeing as it will be in use the longest? (the answer is probably no - a relatively small percentage of people run ESR in the first place)
But I think it's more "security through obscurity" than actual "security bugs being accidentally fixed" that may help you there. Running obscure or frequently changing versions of things could give you an amount of invulnerability to opportunistic attackers toolkits of pre-built, version (and often build)-sensitive exploits.
But I think the argument for such a thing is relatively thin, as it will give you little protection against an "advanced persistent threat".