And what does any of that have to do with the fact that XP won't magically become less secure just because it is out of support?
You are confusing XP for the desktop with XP Embedded. XPE is extremely slimmed down and omits things like the shell, file browsing, control panel, start menu, address bar, etc. Because it is configured for a single purpose (an XPE ATM machine can't browse the web, an XPE sales kiosk can't check your email), once set up it is inflexible. On XPE a user can't change system settings, can't force a stack overflow, it will always boot in a predictable way, etc.
On an XPE ATM the user has the touch-screen interface and keypad, period. A keyboard interface is available for debug and status use only, on the back of the machine safely under lock and key. Hit too many strange keypad combinations and the machine will lock down while your picture is taken (go ahead, try it!).
The source code with documentation is useful for those with enough experience to make use of it. Typically embedded source code of this type comes with extensive documentation along with a support contract which might include telephone and/or on-site support, training, tutorials, and a network of 3rd party contractors.
While XPE is very well secure, I'd prefer a solution from WindRiver before I'd look at XPE.
And I'm not a child, I have 15 years more embedded programming experience than you.
Not sure exactly what embedded project you were working on back in 1980. I wrote my first code for a hybrid VAX/VMS system (remember timesharing?) in 1976, and coded a 68000 SBC in assembly in 1985-ish. First time I coded a microcontroller I had no compiler so I did it in binary (don't do that). But making silly one-line brand-biased statements for laughs, well, to me that's childish and unprofessional.