In my experience, the reality of bugs in open source software (from now on referred to as OSS) is different from what you would have ppl believe from your post. Whilst the bugs are easier to discover in OSS, they don't tend to be any more numerable than they do in closed source.
I've known people who have had to update their linux Kernel 4 times in one week just to stay current with exploits
I've been running Linux on and off for about 1.5 years and in that time I have updated my kernel approx 4 times - usually for better hardware support. Only once have I needed to update my kernel to fix a vulnerability (XFS directory permissions vulnerability). I don't know what issues your friends had but 4 times in 1 week seems a tad excessive to me, for any distro.
Don't get me wrong, I'm not having a pop at you. I just think the picture you painted was a bit darker than the reality, that's all
I say OSS the older versions of mIRC. I highly suspect the risks of vulnerability won't be any greater than it is at present