Mage One focusses on security and future server upgrades. We respect the original source code of Magento 1. In addition, we are a reliable company with exactly this purpose: providing security fixes and fixes for server upgrades. We have processes to find new security issues (security audits and public bug bounties). We start working right away when we get notice of vulnerabilities or new software versions.
Voluntary projects like OpenMage with their MageLTS might have a bigger scope (i.e. fixing usability bugs, developing new features, etc.). Their ability to fix security problems relies solely on the free private time of individuals. A patch might take only 2 hours but it could also be never fixed. With new features there is as well always the risk of new bugs and security issues.