The Postfix security model is based on keeping software simple and stupid.
Windows favors multi-threading, which means that a service is implemented by one single process.
Sure, but competition is good for the user.
Qmail out of the box works fine, so people will want to use it regardless of licensing restrictions, even when the software does not ship with their system software.
The challenge with Postfix, or with any piece of software, is to update software without introducing problems.
I don't expect an overnight change of all desktops to what the US Military used to call B3 level security. And even that would not stop users from shooting themselves into the foot.
Defect-free software does not exist.
One bug in an SMTP server can open up the whole machine for intrusion.
I want to avoid locking people into solutions that work only with Postfix. People should have a choice in what software they want to use with Postfix, be it anti-virus or otherwise.
My reply is: the software has no known bugs, therefore it has not been updated.