And in recent news, here is a relevant example of how supporting legacy platforms can really bite you in the tuchus:
high-level tldr; PuTTY back in the day was built on Windows before it had support for a cryptographically secure source of random numbers. So to generate some ‘random’ numbers for parts of their cryptography, they instead use a clever hashing scheme to get some random bytes. And, they would have gotten away with it too except that due to some seemingly unrelated realities elsewhere and whoops now adversaries can derive private keys when a particular algorithm is used.
The solution of course is to use the ‘new’ relevant Windows crypto APIs 