If you look at pretty much any 'big' software (Oracle for instance), it includes the same exclusion.
In regulated environments, it's the responsibility of the system user to define the intended use of a system then validate to that intended use. Just because the vendor says 'do not use for important stuff' doesn't mean WE can't validate that the system works for us the way we want.
The comments others make about the validation effort are spot on. If I patch one of my production servers, I'm supposed to do a risk assessment, determine what might be affected by the patch, develop a test plan to address the potential risk, get the test plan approved, execute the test plan, document the results, write a report, get that signed, then get signed authorization to implement the patch. Think 'Service Pack' which contains a hundred or more discrete patches...
Toss hands in air, patch and pray...
It's worse for medical devices because you CANNOT patch and pray.
Oh, and while you're trying to figure out how to manage software that's not in your hands, you (the software engineer) are supposed to be creating the 'next big thing' for your company so you can keep making money.
That's why we have a couple of systems on our production floor still using Win 98. Not stupid, but a practical choice.