WAY too many people didn't update XP often enough and security on the web suffered for it...
In fairness, if you have users who will double-click an e-mail attachment called "Naked Mila Kunis.jpg.exe" without a second thought, there's not much Microsoft or anyone else can really do to help them short of installing a dramatically more robust security foundation in the OS -- which I hope they will do one day, but it's an extremely complicated problem to do that without undermining usability too much in the process.
As far as software updates go, the vast majority of security vulnerabilities that get patched this way were avoidable with a realistic amount of effort. Many of them come from still writing system or networking software in absurdly error-prone languages like C and C++, for example. Plenty of them happen simply because someone decided to short-circuit a professional level of review and testing procedures, aiming for fast/cheap at the expense of good. As one of the few tech companies in the world that actually has both the resources and the talent to change that, it would be nice to see an organisation like Microsoft pushing for better standards, not joining the ship-junk-and-patch-it-later train as it seems to have been lately. And if they did shift the culture successfully, I see no reason we couldn't go back to having occasional security updates available on demand and keeping major functionality or UI changes separate and optional.
The list is long, keeping stuff updated is just the way things will be in our always online connected world.
Alternative theory:
Every time a big established provider tries to lock users in with this sort of hostile action, they create an opportunity for someone to disrupt their market.
No-one actually likes software that gets updated to be worse than it was when they first chose to install it, just as no-one actually likes having in-your-face advertising or privacy invasions or spam messages when they sign up for free stuff. We now know that a lot of people will tolerate a lot of messing around from technology anyway if there's something in it for them in return, particularly on-line, but usually only as long as they don't think they have a better alternative, and sometimes only as long as they don't fully understand what is really happening or can find a way to rationalise behaviour they aren't really happy with.