I still have a Nexus 7 running on KitKat 4.2, as I dislike the material look, and for newer Android versions I always go with phones that ship with a customized UI that better corresponds to my aesthetic sense. Disclaimer: I am a visual artist as well and hate it when somebody enforces a certain style, in my case anything flat, low-contrast, confusing, where my brain has to spend >20ms identifying controls.
Sure, I am concerned, and I am pretty well-versed in advanced cryptology myself and in protocol/stack weaknesses/exploits. Frankly, Android lost me when I once bought a new phone and, after installing a few apps from the Play Store, it was spamming me like crazy and discussing stuff with servers in China. Since then I use all Android devices for harmless stuff like browsing while in the bath/sauna, controlling my DJI drone, as a navigation device on my bike, watching edX/Udacity/Coursera/Udemy etc., but never for serious stuff. For serious stuff I use Sailfish on a recent Jolla phone instead, with a customized security stack compiled from sources (security by obscurity as well).
Old device user here. The frequency of exploits is going up, so older devices with few features and small attack surface are safer than new devices with the bells and whistles and a bigger attack surface. Basically, fuck you to the assholes pushing updates. They are doing it wrong and I reject them. I will accept no update with antifeatures, no matter how much they say it is good for me.
The old device runs a complete browser with network access and daemons etc. It seems like all of the bells and whistles were already around for quite some time.