This summary aside, there is at least one valid reason a project should drop support after EOL. Namely reputation. When a flaw in the OS gets exploited via the browser, people tend to blame the instrument that first started the failure. It happens all the time today even on patched systems. The browser will catch the blame for the failure in the OS since it is where the trouble started.
Hell, we've all seen it with granny getting infected because the pre-installed version of Norton's timed out and hasn't seen an update in years. Does Symantic get blamed for the failure? Does granny blame herself for not purchasing the updates? No. To granny it is the computer that is bad.