How important is it to have latest Android and security patches on my phone?

I’m considering adding BW to my phone, but I haven’t yet. I am running an older Samsung phone with Android 10 and Knox (Samsung’s security suite). It no longer gets security updates, Android updates, or patches. Not since around 2022.
I’ve done a bit of reading, plus I called my carrier, and the gist of my research seems to be that generally speaking, as long as the particular app that I am using is the latest version of that app, there is not a significant threat of that app being hacked. Plus, I have 2FA on the most important apps. So far, I have not encountered any problems with any of my apps.
So … what are your thoughts on installing the BW app on this older phone? Am I taking a risk, and should I upgrade first to a newer phone? Or will I be ok, since BW will provide me with the latest version of the app anyway?

The app updates will patch app vulnerabilities, assuming you have OS protections. With OS vulnerabilities, the OS protections that the app assumes it has may not apply. OS protections include things like device encryption, anti-hammering PIN access, keystore protection, memory protection, storage protection, etc.

Well, if you have a high-value account, then you should definitely use an updated device. If you can afford it, you probably want to use an updated device for safety and peace of mind. If you can’t afford a new phone, as long as you don’t run into an exploit, you probably won’t have a problem. Or you can try mitigating by keeping higher-value account credentials somewhere else that is less likely to be exploited, though the “less likely” part may be hard to determine. Or you can also use your phone less in general, keeping the number of apps and the surfing of the web to a minimum.

A frequent contributor on Reddit keeps saying something that is hard to swallow if you can’t afford it, along this line: it isn’t secure computing if you don’t have an updated device.

PS: if you are technical and you have an eligible phone, with Samsung phones probably being eligible outside of North America, you can think about using a popular custom ROM too. It may extend the phone’s updates by years.
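One concrete way to see where a phone stands on the "updated device" question is to read its Android version and security patch level and work out how long ago the last patch shipped. The script below is an added example, not part of this thread or of Bitwarden: it parses the output of `adb shell getprop` (a standard Android command; `ro.build.version.release`, `ro.build.version.sdk` and `ro.build.version.security_patch` are standard property names). The sample output embedded in it is constructed to mirror the situation described above (Android 10, last patch in 2022), and the three-month staleness threshold is this example's own rule of thumb.

```python
"""Report how far behind an Android device's security patch level is.

Added example, not from the forum thread. Parses `adb shell getprop`
output and flags a device whose patch level is older than a threshold.
"""
import re
import subprocess
from datetime import date

# Constructed sample of `adb shell getprop` output, modelled on the thread's
# case: Android 10, last security patch in 2022. Not captured from a real device.
SAMPLE_GETPROP = """\
[ro.build.version.release]: [10]
[ro.build.version.sdk]: [29]
[ro.build.version.security_patch]: [2022-03-01]
[ro.product.manufacturer]: [samsung]
[ro.product.model]: [SM-EXAMPLE]
"""

# getprop prints one property per line as "[key]: [value]"
PROP_RE = re.compile(r"^\[(?P<key>[^\]]+)\]: \[(?P<value>[^\]]*)\]$", re.MULTILINE)


def parse_getprop(text: str) -> dict:
    """Turn getprop output into a {key: value} dict."""
    return {m.group("key"): m.group("value") for m in PROP_RE.finditer(text)}


def patch_age_months(patch_level: str, today_iso: str) -> int:
    """Whole months between a YYYY-MM-DD patch level and a YYYY-MM-DD date."""
    p_year, p_month, _ = (int(part) for part in patch_level.split("-"))
    t_year, t_month, _ = (int(part) for part in today_iso.split("-"))
    return (t_year - p_year) * 12 + (t_month - p_month)


def assess(props: dict, today_iso: str, max_age_months: int = 3) -> dict:
    """Summarise update status.

    max_age_months is this example's assumption: a still-supported device gets
    monthly or quarterly patches, so a level older than three months usually
    means updates have stopped. A missing patch property is treated as stale.
    """
    patch = props.get("ro.build.version.security_patch", "")
    age = patch_age_months(patch, today_iso) if patch else None
    return {
        "android": props.get("ro.build.version.release", "unknown"),
        "sdk": props.get("ro.build.version.sdk", "unknown"),
        "patch_level": patch or "unknown",
        "age_months": age,
        "stale": age is None or age > max_age_months,
    }


def report_for(today_iso: str, getprop_text: str = SAMPLE_GETPROP) -> dict:
    """Convenience wrapper: parse the given getprop text and assess it."""
    return assess(parse_getprop(getprop_text), today_iso)


def read_device_props() -> dict:
    """Query a USB-connected device via adb; fall back to the sample if adb is unavailable."""
    try:
        out = subprocess.run(
            ["adb", "shell", "getprop"], capture_output=True, text=True, check=True
        ).stdout
    except (FileNotFoundError, subprocess.CalledProcessError):
        out = SAMPLE_GETPROP
    return parse_getprop(out)


if __name__ == "__main__":
    result = assess(read_device_props(), date.today().isoformat())
    for key, value in result.items():
        print(f"{key}: {value}")
```

Run it with USB debugging enabled and the phone plugged in; without adb it simply evaluates the constructed sample. The patch level only tells you when the vendor last shipped fixes, which is the point being made in the reply above: an app can be fully up to date while the OS beneath it stopped receiving fixes years earlier.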

Thanks. I do have some banking and financial apps on my phone. Plus, as I mentioned, I may want to install BW. So based on what you are saying, it seems that there is an element of risk in using those apps with my current configuration. (Let me know if I am misunderstanding you.)
The latest Samsung phone (Galaxy S24 line) offers OS and security updates for 7 years, so that is a big plus for me, since I keep my phones awhile. But they are not cheap.
As for the custom ROM, I did some reading on it. I doubt I want to go that route, but I will think about it. One question: When you download the custom ROM, does it simply overlay the existing OS but keep all the apps? Or is it more involved than that?
Thanks again.

Yes, that’s right: there is an element of risk.

Samsung’s and Pixel’s high-end phones are getting better with longer updates.

You should think of installing a custom ROM as wiping the phone clean, including user data, and installing a new OS. Some app data that you set up to be backed up to Google’s cloud may come back once you install the app, but since this is a non-transparent process, it might or might not happen. So you back up whatever you can using the apps’ recommended processes (maybe except to Google cloud, if it is uncertain), you install the custom ROM, and then you install the apps and restore the data.