That is true, and for that reason it is not the way I approach the issue, but it may be perfectly acceptable for some .
I also think the thread starter's point is "valid", to a point, but working "well" is subjective, and the fact is that the whole spam management issue is very much an "arms race" in that what works "well" enough today may not continue to work well tomorrow. (edit: Oops - didn't mean to "retread" your earlier post here!)
I generally agree with your comments about Dreamhost keeping stuff current, but I think that has to be balanced to some degree with the greater requirement that things Dreamhost provides, by default, should be "mature" and as "solid" as possible. Dreamhost has stated repeatedly in the past that their main objective is to keep web site hosting as stable as possible, as that is what they perceive their main function to be.
I don't think they view it as a matter of "getting away" with anything, though I can only guess at the reasons they may have for still using an "older" SpamAssassin version (hey, I'm just another customer here like everyone else and I have no special understanding of why they have made the choices the have made ).
Your guess is as good as mine, though I don't characterize their choice of version to be a "getting away with" something kind of thing. Why they are using the version they are using is a question probably better directed at tech support staffers.
That said, one of the things I like the most about Dreamhost is the flexibility they afford for installing and using the tools of your choice. The Dreamhost Wiki Article on SpamAssassin even gives directions on how to install the "latest" version of SpamAssassin for your use, if you choose to do so (Oops again! - edited out repetitious info from wiki article that you already pointed out, in the same previous post I overlooked in the thresd - sorry about that!)
I just think how we choose to handle spam should our own decision, and that not everyone has the same desires in that area. For example, I handle all my spam with my own tools on my own computer . I still like POP3, and I would rather use tools on my computer for spam control, but I recognize others may want to handle it all on the server. Dreamhost offers a version of SpamAssassin "pre-configured", but each user is welcome to use a different version, or another program altogether if they choose. One thing I am pretty sure of, is that when it comes to spam filtering, somebody will be unhappy with whatever they install as a "default" spam tool - it is just the nature of that beast that users desires and priorities differ.