I agree this article is mostly foolishness, but underneath this is a substantial issue with Android. It would be much easier for a provider to push a security patch if it were backported from the latest-greatest release to some of the still-active prior releases. Even then there would be a substantial time delay. The manufacturers do some initial porting of newer Android releases to their hardware, and then the providers take that software and customize it further. Most of what the providers add is best described as bloatware (and some spyware like carrierID), but some of this is network-specific support. Lots of testing happens at each stage, especially by the manufacturer.
Porting to a new Android platform actually requires a lot of additional work as often the hardware interfaces (HAL) are modified and expanded. In addition each manufacturer has a highly customized version of Android at various levels, and porting all of this takes significant effort.
Because of all this, there is no quick way for Google to "release" a patch to people's phones (except for the Nexus phones). Google could help to hurry some security patches by backporting them, but manufacturers could also do the same. It is not, technically, Google's job to do anything but support their Nexus line. They also keep most of the platform code open (publicly available anyway), allowing other manufacturers to follow along or do as they please. And because porting does require such effort, Google also needs to continue to find ways to provoke the major manufacturers into keeping up the work.
This model for Android platform software has been successful, but is obviously flawed when it comes to distributing prompt security patches to users' devices. It's easy to gripe about this but difficult to come up with practical solutions.